Systems and methods for a trusted consumer service

ABSTRACT

A system including one or more memory devices having instructions stored thereon, that, when executed by one or more processors, cause the one or more processors to receive a request from a user device of a user to add the user to a trusted user service, receive health behavior data of a health behavior data stream associated with behavior relating to a spread of an infectious disease at a physical location, determine whether the user meets one or more health safety levels based on the health behavior data stream, add the user to the trusted user service in response to a determination that the user meets the one or more health safety levels, and generate an access indication for the user to access the physical location at one or more particular times in response to the determination that the user meets the one or more health safety levels.

CROSS-REFERENCE TO RELATED PATENT APPLICATION

This application claims the benefit of and priority to U.S. ProvisionalApplication No. 63/044,082 filed Jun. 25, 2020, the entirety of which isincorporated by reference herein.

BACKGROUND

The present disclosure relates generally to risk analysis systems fordisease related risks. Some diseases, e.g., viruses, bacterialinfections, etc. can significantly affect the health of people, orcertain classes of people, who contract the disease. It may bebeneficial to take measures that restrict the ability of a healthyperson from contracting the disease or an infected person from spreadingthe disease. For example, behaviors such as wearing masks, practicingsocial distancing techniques, using alcohol based hand sanitizers,washing hands, self-quarantining when sick, avoiding high infectionareas, and other behaviors can reduce the spread of the disease.

SUMMARY Dynamic Travel Planning Based on Risk

One implementation of the present disclosure is a system including oneor more memory devices having instructions stored thereon, that, whenexecuted by one or more processors, cause the one or more processors toreceive travel data associated with a travel plan of a user indicatingone or more travel destinations. The instructions cause the one or moreprocessors to receive destination risk data indicating a destinationrisk of the one or more travel destinations associated with transmissionof an infectious disease, receive personal risk data indicating a riskof the user associated with the infectious disease, and generate aninfection travel risk score for the user based on the destination riskdata and the personal risk data.

In some embodiments, the instructions cause the one or more processorsto generate one or more suggestions to the travel plan based on theinfection travel risk score increasing to a value greater than aparticular amount caused by at least one of a first change to thedestination risk data or a second change to the personal risk data.

In some embodiments, the instructions cause the one or more processorsto generate travel routes from an originating location to the one ormore travel destinations, generate infection route risk scores for thetravel routes and perform at least one of generating a suggestion forthe user to travel on one of the travel routes associated with a lowestinfection route risk score, generating a user interfacing including anindication of the travel routes and the infection route risk scores, orgenerating a list including the travel routes ranked according to theinfection route risk scores associated with the travel routes.

In some embodiments, the personal risk data indicates whether the userhas previously contracted and recovered from the infectious disease.

In some embodiments, the instructions cause the one or more processorsto receive a request for the infection travel risk score from anexternal system, wherein the external system sends the request to theone or more processors in response to a user device of the userrequesting access from the external system to a service or location andcommunicate the infection travel risk score to the external system inresponse to receiving the request from the external system.

In some embodiments, the instructions cause the one or more processorsto receive a request to share the infection travel risk score from auser device of the user with a second user device or an external systemand responsive to receiving the request, perform at least one of sendingthe infection travel risk score to the user device, second user device,or the second external system or generating a shareable link to a datasource storing the infection travel risk score and send the link to theuser device.

In some embodiments, the instructions cause the one or more processorsto receive a manifest from a user device of the user representing atravel activity performed by the user, receive a second manifest from ablockchain, wherein the second manifest is a copy of the manifest,wherein the second manifest is stored in the blockchain by an externalsystem to create a record of the travel activity performed by the user,validate the manifest received from the user device with the secondmanifest of the blockchain, and generate the infection travel risk scorefor the user based on the travel activity represented by the manifest.

In some embodiments, the second manifest includes a first signature ofthe user device and a second signature of the external system. In someembodiments, the instructions cause the one or more processors todetermine that the first signature is authentic with a first public keyof the user device and determine that the second signature is authenticwith a second public key of the external system.

In some embodiments, the second manifest is hashed by the externalsystem. In some embodiments, the instructions cause the one or moreprocessors to validate the manifest received from the user device bydetermining that the manifest matches the second manifest by hashing themanifest received from the user device and comparing a hash of themanifest received from the user device to the second manifest hashed bythe external system.

In some embodiments, the instructions cause the one or more processorsto generate a travel itinerary for the user based on the travel data andrisk data associated with the travel plan and provide the travelitinerary to the user via a user interface of a user device, generateone or more suggested updates to the travel itinerary based on changesin the risk data to dynamically account for changes in the risk data asthe user is traveling, and provide the one or more suggested updates tothe user via the user interface of the user device.

In some embodiments, the instructions cause the one or more processorsto generate the travel itinerary based on disparate factors includingtravel modes, travel destinations, and stops along a travel route.

In some embodiments, the risk data indicates disease infection riskindicating a likelihood of the user contracting the infectious disease.

In some embodiments, the risk data is received by the one or moreprocessors as risk events from at least one of an event notificationsystem, a contact tracing system, or a health authority system.

In some embodiments, the risk data is contact tracing data, wherein thecontact tracing data indicates at least one of one or more pastlocations or one or more future locations of a person infected by theinfectious disease. In some embodiments, the instructions cause the oneor more processors to perform at least one of generating the travelitinerary to include one or more transportation selections that avoid atleast one of the one or more past locations or the one or more futurelocations of the person infected by the infectious disease or updating avalue of the infection travel risk score based on the contact tracingdata.

In some embodiments, the instructions cause the one or more processorsto determine risk values associated with dining options, select one ormore dining options from the dining options based on the risk valuesassociated with the dining options, and cause the travel itinerary toinclude the one or more dining options.

In some embodiments, the instructions cause the one or more processorsto determine risk values associated with overnight stay accommodationoptions, select one or more overnight stay accommodations from theovernight stay accommodation options based on the risk values associatedwith the overnight stay accommodation options, and cause the travelitinerary to include the one or more overnight stay accommodations.

In some embodiments, the risk data indicates a threat level associatedwith geographic areas. In some embodiments, the instructions cause theone or more processors to generate the travel itinerary by determiningone or more travel routes through one or more low risk geographic areasassociated with threat levels less than one or more other high riskgeographic areas. In some embodiments, the threat levels associated withthe geographic areas indicate a disease infection level of people withinthe geographic areas.

In some embodiments, the travel itinerary includes one or moretransportation selections. In some embodiments, the instructions causethe one or more processors to select the one or more transportationselections from transportation options based on transportation risk dataassociated with the transportation options.

In some embodiments, the one or more transportation selections includeone or more car rental selections. In some embodiments, the instructionscause the one or more processors to select the one or more car rentalselections from car rental options based on a health safety ratings ofthe car rental options.

In some embodiments, the one or more transportation selections includeone or more flight transportation selections. In some embodiments, thetransportation risk data associated with the transportation optionsincludes one or more of a length of a flight layover, a distance betweentwo flight gates of a connecting flight, a likelihood of the userneeding to eat during the traveling of the user, or an indication ofinfected individuals booked for a particular flight.

Another implementation of the present disclosure is a method includingreceiving, by a processing circuit, travel data associated with a travelplan of a user indicating one or more travel destinations and receiving,by the processing circuit, destination risk data indicating adestination risk of the one or more travel destinations associated withtransmission of an infectious disease. The method includes receiving, bythe processing circuit, personal risk data indicating a risk of the userassociated with the infectious disease and generating, by the processingcircuit, an infection travel risk score for the user based on thedestination risk data and the personal risk data.

In some embodiments, the method includes generating, by the processingcircuit, one or more suggestions to the travel plan based on theinfection travel risk score increasing to a value greater than aparticular amount caused by at least one of a first change to thedestination risk data or a second change to the personal risk data.

In some embodiments, the method includes generating, by the processingcircuit, travel routes from an originating location to the one or moretravel destinations, generating, by the processing circuit, infectionroute risk scores for the travel routes, and performing, by theprocessing circuit, at least one of generating a suggestion for the userto travel on one of the travel routes associated with a lowest infectionroute risk score, generating a user interfacing including an indicationof the travel routes and the infection route risk scores, or generatinga list including the travel routes ranked according to the infectionroute risk scores associated with the travel routes.

In some embodiments, the method includes generating, by the processingcircuit, a travel itinerary for the user based on the travel data andrisk data associated with the travel plan and provide the travelitinerary to the user via a user interface of a user device, generating,by the processing circuit, one or more suggested updates to the travelitinerary based on changes in the risk data to dynamically account forchanges in the risk data as the user is traveling, and providing, by theprocessing circuit, the one or more suggested updates to the user viathe user interface of the user device.

In some embodiments, the risk data indicates disease infection riskindicating a likelihood of the user contracting the infectious disease.

In some embodiments, the risk data is received by the processing circuitas risk events from at least one of an event notification system, acontact tracing system, or a health authority system.

Another implementation of the present disclosure is a system includingone or more memory devices having instructions stored thereon and one ormore processors configured to execute the instructions. The instructionscause the one or more processors to receive travel data associated witha travel plan of a user indicating one or more travel destinations,receive destination risk data indicating a destination risk of the oneor more travel destinations associated with transmission of aninfectious disease, receive personal risk data indicating a risk of theuser associated with the infectious disease, and generate an infectiontravel risk score for the user based on the destination risk data andthe personal risk data.

In some embodiments, the instructions cause the one or more processorsto generate one or more suggestions to the travel plan based on theinfection travel risk score increasing to a value greater than aparticular amount caused by at least one of a first change to thedestination risk data or a second change to the personal risk data.

In some embodiments, the instructions cause the one or more processorsto generate travel routes from a originating location to the one or moretravel destinations, generate infection route risk scores for the travelroutes, and perform at least one of generating a suggestion for the userto travel on one of the travel routes associated with a lowest infectionroute risk score, generating a user interface including an indication ofthe travel routes and the infection route risk scores, or generating alist including the travel routes ranked according to the infection routerisk scores associated with the travel routes.

In some embodiments, the instructions cause the one or more processorsto receive a manifest from a user device of the user representing atravel activity performed by the user, receive a second manifest from ablockchain, wherein the second manifest is a copy of the manifest,wherein the second manifest is stored in the blockchain by an externalsystem to create a record of the travel activity performed by the user,validate the manifest received from the user device with the secondmanifest of the blockchain, and generate the infection travel risk scorefor the user based on the travel activity represented by the manifest.

Trusted Provider Network

One implementation of the present disclosure is a system including oneor more memory devices having instructions thereon, that, when executedby one or more processors, cause the one or more processors to receive arequest from a service provider to be added to a trusted network ofservice providers and receive health safety data of a health data streamassociated with the service provider and risk data of a risk data streamindicating risk levels associated with the service provider. Theinstructions cause the one or more processors to determine that theservice provider meets a level of heath safety by correlating the healthsafety data of the health data stream with the risk data of the riskdata stream, receive a request from a device for a service providerrecommendation of the trusted network of service providers, and providean indication of the service provider to the device in response to areception of the request for the service provider recommendation.

In some embodiments, the health data stream indicates factors thatreduce a likelihood of a spread of a disease to users at a physicallocation of the service provider. In some embodiments, the risk datastream indicates risk factors that increase the likelihood of the spreadof the disease at the physical location of the service provider.

In some embodiments, the device is a user device of a user, wherein theuser requests the service provider to procure a product or service ofthe service provider.

In some embodiments, the device is a service provider device of a secondservice provider of the trusted network of service providers, whereinthe second service provider requests the service provider to partnerwith the service provider.

In some embodiments, the instructions cause the one or more processorsto add the service provider to a list of the trusted network of serviceproviders in response to a determination that the service provider meetsthe level of heath safety, receive second health safety data associatedwith a second service provider of the trusted network of serviceproviders, determine, based on an analysis of the second heath safetydata, that the second service provider has a particular health safetylevel less than the level of heath safety, and remove the second serviceprovider from the list of the trusted network of service providers.

In some embodiments, the health safety data associated with the serviceprovider indicates a health level of each of employees associated withthe service provider.

In some embodiments, the health safety data associated with the serviceprovider indicates one or more cleaning procedures performed at aphysical location of the service provider.

In some embodiments, the health safety data associated with the serviceprovider is received from a health inspector user device of a healthinspector, wherein the health safety data indicates a result of a healthinspection performed by the health inspector.

In some embodiments, the health safety data includes surveillance videodata of a physical location associated with the service provider,wherein the surveillance video data indicates whether one or more healthprocedures are followed at the physical location.

In some embodiments, the health safety data indicates whether one ormore restricted shopping times are offered at a physical location of theservice provider for customers associated with a level of personalhealth safety above a predefined amount.

In some embodiments, the trusted network of service providers include atleast one of an airline, a hotel, a car rental service, a brick andmortar retail store, or a commercial business.

In some embodiments, the risk data indicates disease infection levels ina geographic area associated with the service provider.

In some embodiments, the risk data indicates a number of infectedindividuals within a physical location of the service provider.

In some embodiments, the health safety data indicates whether theemployees have previously contracted and recovered from an infectiousdisease.

In some embodiments, the instructions cause the one or more processorsto receive a manifest from the service provider, the manifest indicatingat least one of the health safety data or the risk data, receive asecond manifest from a blockchain, wherein the second manifest is a copyof the manifest, wherein the second manifest is stored in the blockchainby an external system to create a record of the health safety data orthe risk data, validate the manifest received from the service providerwith the second manifest of the blockchain, and determine that theservice provider meets a level of heath safety by correlating the healthsafety data with the risk data in response to validating the manifest.

In some embodiments, the second manifest includes a first signature ofthe service provider and a second signature of the external system. Insome embodiments, the instructions cause the one or more processors todetermine that the first signature is authentic with a first public keyof the service provider and determine that the second signature isauthentic with a second public key of the external system.

In some embodiments, the second manifest is hashed by the externalsystem. In some embodiments, the instructions cause the one or moreprocessors to validate the manifest received from the service providerby determining that the manifest matches the second manifest by hashingthe manifest received from the service provider and comparing a hash ofthe manifest received from the service provider to the second manifesthashed by the external system.

Another implementation of the present disclosure is a system includingone or more memory devices having instructions thereon, that, whenexecuted by one or more processors, cause the one or more processors tostore a trusted network of service providers in the one or more memorydevices, the trusted network of service providers including serviceproviders and receive a request by a first service provider of theservice providers for risk data of a second service provider of theservice providers. The instructions cause the one or more processors todetermine that the first service provider is assigned access to the riskdata of the second service provider and provide the first serviceprovider the risk data of the second service provider in response to adetermination that the first service provider is assigned access to therisk data of the second service provider.

In some embodiments, the instructions cause the one or more processorsto receive a request by the second service provider for first risk dataof the first service provider, determine that the second serviceprovider is assigned access to the first risk data of the first serviceprovider, and provide the second service provider the first risk data ofthe first service provider in response to a particular determinationthat the second service provider is assigned access to the first riskdata of the first service provider.

In some embodiments, the risk data indicates a risk level associatedwith an asset of the second service provider.

In some embodiments, the risk level indicates risk associated with aphysical room associated with the second service provider, a physicallocation associated with the second service provider, or a vehicleassociated with the second service provider.

In some embodiments, the risk data includes health data that indicatesfactors that reduce a likelihood of a spread of a disease to users at aphysical location of the second service provider. In some embodiments,the risk data includes risk related data that indicates risk factorsthat increase the likelihood of the spread of the disease at thephysical location of the second service provider.

In some embodiments, the trusted network of service providers indicatesthat the first service provider is granted access to a first set ofservice providers of the service providers and is denied access to asecond set of service providers of the service providers.

Another implementation of the present disclosure is a method includingreceiving, by a processing circuit, a request from a service provider tobe added to a trusted network of service providers and receiving, by theprocessing circuit, health safety data of a health data streamassociated with the service provider and risk data of a risk data streamindicating risk levels associated with the service provider. The methodincludes determining, by the processing circuit, that the serviceprovider meets a level of heath safety by correlating the health safetydata of the health data stream with the risk data of the risk datastream, receiving, by the processing circuit, a request by the serviceprovider for risk data of a second service provider of the trustednetwork of service providers, determining, by the processing circuit,that the service provider is assigned access to the risk data of thesecond service provider, and providing, by the processing circuit, theservice provider the risk data of the second service provider inresponse to a determination that the service provider is assigned accessto the risk data of the second service provider.

In some embodiments, the health data stream indicates factors thatreduce a likelihood of a spread of a disease to users at a physicallocation of the service provider. In some embodiments, the risk datastream indicates risk factors that increase the likelihood of the spreadof the disease at the physical location of the service provider.

In some embodiments, the method includes adding, by the processingcircuit, the service provider to a list of the trusted network ofservice providers in response to a second determination that the serviceprovider meets the level of heath safety, receiving, by the processingcircuit, second health safety data associated with the second serviceprovider of the trusted network of service providers, determining, bythe processing circuit, based on an analysis of the second heath safetydata, that the second service provider has a particular health safetylevel less than the level of heath safety, and removing, by theprocessing circuit, the second service provider from the list of thetrusted network of service providers.

In some embodiments, the method includes receiving, by the processingcircuit, a manifest from the service provider, the manifest indicatingat least one of the health safety data or the risk data, receiving, bythe processing circuit, a second manifest from a blockchain, wherein thesecond manifest is a copy of the manifest, wherein the second manifestis stored in the blockchain by an external system to create a record ofthe health safety data or the risk data, validating, by the processingcircuit, the manifest received from the service provider with the secondmanifest of the blockchain, and determining, by the processing circuit,that the service provider meets a level of heath safety by correlatingthe health safety data with the risk data in response to validating themanifest.

Trusted Consumer Service

One implementation of the present disclosure is a system including oneor more memory devices having instructions stored thereon, that, whenexecuted by one or more processors, cause the one or more processors toreceive a request from a user device of a user to add the user to atrusted user service associated with a provider of goods or services andreceive health behavior data of a health behavior data stream associatedwith behavior relating to a spread of an infectious disease at aphysical location. The instructions cause the one or more processors todetermine whether the user meets one or more health safety levels basedon the health behavior data stream, add the user to the trusted userservice in response to a determination that the user meets the one ormore health safety levels, and generate an access indication of accessto the physical location at one or more particular times in response tothe determination that the user meets the one or more health safetylevels.

In some embodiments, the instructions cause the one or more processorsto provide the access indication to a user device of the user, whereinthe access indication is at least one of a credential, an accesspassword, or an identifier.

In some embodiments, the instructions cause the one or more processorsto add the user to a trusted shopper list of trusted shoppers inresponse to the determination that the user meets one or more healthsafety rules, receive second health behavior data associated with asecond user of the trusted shopper list of trusted shoppers, determine,based on an analysis of the second heath behavior data, that the seconduser has broken one or more health safety rules, and remove the seconduser from the trusted shopper list of trusted shoppers in response to asecond determination that the second user has broken one or more healthsafety rules.

In some embodiments, the instructions cause the one or more processorsto receive a service provider request for a particular service providerof a list of trusted service providers from the user device, verify thatthe user of the user device has access to the list of trusted serviceprovider, and provide an indication of the particular service providerto the user device.

In some embodiments, the instructions cause the one or more processorsto receive risk data of a risk data stream indicating risk levelsassociated with the user. In some embodiments, the instructions causethe one or more processors to determine whether the user meets one ormore health safety levels by correlating the health behavior data of thehealth behavior data stream with the risk data of the risk data stream.

In some embodiments, the risk data indicates at least one of diseaseinfection levels of one or more geographic areas that the user has beenpresent within during a particular period of time or contact of the userwith one or more infected persons.

In some embodiments, the access indication is associated with access tothe physical location at one or more restricted hours restricted formembers of the trusted user service.

In some embodiments, the instructions cause the one or more processorsto provide an identity of the user to a physical location system of thephysical location, wherein the physical location system is configured toreceive the identity of the user via one or more sensing devices of thephysical location and operate one or more doors to provide the useraccess to the physical location based on the identity of the user.

In some embodiments, the health behavior data is received from asurveillance system and is video data of the user at the physicallocation. In some embodiments, the instructions cause the one or moreprocessors to determine whether the health behavior data meets one ormore health safety levels by analyzing the video data to determinewhether the user follows one or more health safety rules within thephysical location.

In some embodiments, the one or more health safety rules include one ormore social distancing guidelines, use of a mask, or use of sanitizationwithin the physical location.

In some embodiments, the instructions cause the one or more processorsto receive a manifest from a user device of the user representing atravel activity performed by the user, receive a second manifest from ablockchain, wherein the second manifest is a copy of the manifest,wherein the second manifest is stored in the blockchain by an externalsystem to create a record of the travel activity performed by the user,validate the manifest received from the user device with the secondmanifest of the blockchain, and determine whether the user meets one ormore health safety levels based on the health behavior data stream andthe travel activity.

In some embodiments, the second manifest includes a first signature ofthe user device and a second signature of the external system. In someembodiments, the instructions cause the one or more processors todetermine that the first signature is authentic with a first public keyof the user device and determine that the second signature is authenticwith a second public key of the external system.

In some embodiments, the second manifest is hashed by the externalsystem. In some embodiments, the instructions cause the one or moreprocessors to validate the manifest received from the user device bydetermining that the manifest matches the second manifest by hashing themanifest received from the user device and comparing a hash of themanifest received from the user device to the second manifest hashed bythe external system.

Another implementation of the present disclosure is a method includingreceiving, by a processing circuit, a request from a user device of auser to add the user to a trusted user service associated with aprovider of goods or services, receiving, by the processing circuit,health behavior data of a health behavior data stream associated withbehavior relating to a spread of an infectious disease at a physicallocation, determining, by the processing circuit, whether the user meetsone or more health safety levels based on the health behavior data,adding, by the processing circuit, the user to the trusted user servicein response to a determination that the user meets the one or morehealth safety levels, and generating, by the processing circuit, anaccess indication for access to the physical location at one or moreparticular times in response to the determination that the user meetsthe one or more health safety levels.

In some embodiments, the method includes adding, by the processingcircuit, the user to a trusted shopper list of trusted shoppers inresponse to the determination that the user meets one or more healthsafety rules, receiving, by the processing circuit, second healthbehavior data associated with a second user of the trusted shopper listof trusted shoppers, determining, by the processing circuit, based on ananalysis of the second heath behavior data, that the second user hasbroken one or more health safety rules, and removing, by the processingcircuit, the second user from the trusted shopper list of trustedshoppers in response to a second determination that the second user hasbroken one or more health safety rules.

In some embodiments, the method includes receiving, by the processingcircuit, a service provider request for a particular service provider ofa list of trusted service providers from the user device, verifying, bythe processing circuit, that the user of the user device has access tothe list of trusted service providers, and providing, by the processingcircuit, an indication of the particular service provider to the userdevice.

In some embodiments, receiving, by the processing circuit, risk data ofa risk data stream indicating risk levels associated with the user. Insome embodiments determining, by the processing circuit, whether theuser meets one or more health safety levels includes correlating thehealth behavior data of the health behavior data stream with the riskdata of the risk data stream.

In some embodiments, the risk data indicates at least one of diseaseinfection levels of one or more geographic areas that the user has beenpresent within during a particular period of time or contact of the userwith one or more infected persons.

In some embodiments, the access indication is associated with access tothe physical location at one or more restricted hours restricted formembers of the trusted user service.

In some embodiments, the health behavior data is received from asurveillance system and is video data of the user at the physicallocation. In some embodiments, the method further includes determining,by the processing circuit, whether the health behavior data meets theone or more health safety levels by analyzing the video data todetermine whether the user follows one or more health safety ruleswithin the physical location.

In some embodiments, the one or more health safety rules include one ormore social distancing guidelines, use of a mask, or use of sanitizationwithin the physical location.

Another implementation of the present disclosure is a system includingone or more memory devices having instructions stored thereon. Thesystem includes one or more processors configured to execute theinstructions to receive a request from a user device of a user to addthe user to a trusted user service associated with a provider of goodsor services, receive a travel history of the user indicatingdestinations that the user has traveled to, determine whether the usermeets one or more health safety levels by analyzing the travel historyof the user, add the user to the trusted user service in response to adetermination that the user meets the one or more health safety levels,and generate an access indication for the user to access the physicallocation at one or more particular times in response to thedetermination that the user meets the one or more health safety levels.

In some embodiments, the instructions cause the one or more processorsto add the user to a trusted shopper list of trusted shoppers inresponse to the determination that the user meets one or more healthsafety rules, receive second health behavior data associated with asecond user of the trusted shopper list of trusted shoppers, determine,based on an analysis of the second heath behavior data, that the seconduser has broken the one or more health safety rules, and remove thesecond user from the trusted shopper list of trusted shoppers inresponse to a second determination that the second user has broken theone or more health safety rules.

In some embodiments, the personal risk data indicates whether the userhas previously contracted and recovered from the infectious disease.

In some embodiments, the instructions cause the one or more processorsto receive a manifest from a user device of the user representing atravel activity performed by the user, receive a second manifest from ablockchain, wherein the second manifest is a copy of the manifest,wherein the second manifest is stored in the blockchain by an externalsystem to create a record of the travel activity performed by the user,and validate the manifest received from the user device with the secondmanifest of the blockchain.

In some embodiments, the second manifest includes a first signature ofthe user device and a second signature of the external system. In someembodiments, the instructions cause the one or more processors todetermine that the first signature is authentic with a first public keyof the user device and determine that the second signature is authenticwith a second public key of the external system.

In some embodiments, the second manifest is hashed by the externalsystem. In some embodiments, the instructions cause the one or moreprocessors to validate the manifest received from the user device bydetermining that the manifest matches the second manifest by hashing themanifest received from the user device and comparing a hash of themanifest received from the user device to the second manifest hashed bythe external system.

BRIEF DESCRIPTION OF THE DRAWINGS

Various objects, aspects, features, and advantages of the disclosurewill become more apparent and better understood by referring to thedetailed description taken in conjunction with the accompanyingdrawings, in which like reference characters identify correspondingelements throughout. In the drawings, like reference numbers generallyindicate identical, functionally similar, and/or structurally similarelements.

FIG. 1 is a block diagram of a system including a risk analytics systemthat receives health data streams and risk data streams for analyzingdisease related risk including a travel application, a consumer serviceapplication, and a trusted service provider application, according to anexemplary embodiment.

FIG. 2 is a block diagram of the travel application of FIG. 1 in greaterdetail, according to an exemplary embodiment.

FIG. 3 is a flow diagram of a process of generating and dynamicallyupdating a travel itinerary based on disease related risk that can beperformed by the travel application of FIGS. 1-2, according to anexemplary embodiment.

FIG. 4 is a block diagram of the trusted service provider application ofFIG. 1 in greater detail, according to an exemplary embodiment.

FIG. 5 is a flow diagram of a process of managing a trusted network ofservice providers based on disease related risk that can be performed bythe trusted service provider application of FIGS. 1 and 4, according toan exemplary embodiment.

FIG. 6 is a block diagram of the consumer service application of FIG. 1in greater detail, according to an exemplary embodiment.

FIG. 7 is a flow diagram of a process of managing a trusted consumerservice based on disease related risk that can be performed by theconsumer service application of FIGS. 1 and 6, according to an exemplaryembodiment.

FIG. 8 is a flow diagram of a process of generating an infection travelrisk score for a user by the travel application of FIG. 1, according toan exemplary embodiment.

FIG. 9 is a block diagram of the risk analytics system of FIG. 1performing risk scoring for an external system, according to anexemplary embodiment.

FIG. 10 is a flow diagram of a process of performing risk scoring by therisk analytics system of FIG. 1 for the external system of FIG. 9,according to an exemplary embodiment.

FIG. 11 is a block diagram of the risk analytics system of FIG. 1sharing infectious disease data with another user device or the externalsystem of FIG. 9 based on a command received from a user device,according to an exemplary embodiment.

FIG. 12 is a flow diagram of a process of sharing infectious diseasedata with another user device or the external system of FIG. 9 based ona command received from the user device of FIG. 11, according to anexemplary embodiment.

FIG. 13 is a block diagram of a manifest indicating user activity of theuser of the user device of FIG. 11 being added to a blockchain database,according to an exemplary embodiment.

FIG. 14 is a flow diagram of a process where the manifest of FIG. 13 isadded to the blockchain database of FIG. 13 and used to verify useractivity of the user of the user device of FIG. 11, according to anexemplary embodiment.

DETAILED DESCRIPTION Overview

Referring generally to the FIGURES, systems and methods are shown thatoperate based on disease related risk, according to various exemplaryembodiments. First, the systems and methods described herein relate todynamic travel planning based on disease related risk. The systems cangenerate an itinerary that plans a trip for a user in such a manner thatthe health of the user is taken into account with respect to diseaserelated risks. For example, the systems can generate the itinerary toinclude plans that utilize transportation options, overnightaccommodation options, and/or other travel decisions that pose a lowrisk level to the user. Furthermore, the itinerary can be updateddynamically by the system so that as factors affecting a risk level ofthe user change during the traveling of the user, suggested updates tothe travel itinerary can be received and acted upon by the user.

The system can evaluate risk levels associated with the travel of theuser while the user is traveling. This can result in an evolvingindication of risk that is easily understandable by a user. Furthermore,because the system can cause user interfaces to display indicators suchas the evolving risk and the suggested updates to the travel itinerary,a user can easily understand what actions the user can take to reducethe infection risk that the user is exposed to during their trip.

The systems and methods can further relate to managing a trusted serviceprovider network based on disease related risk. The system can receivehealth related data streams associated with a particular serviceprovider. For example, the health related data streams can indicate thesocial distancing, disinfection, and/or screening procedures that aservice provider uses for their rental cars, hotel rooms, physicalshopping stores, etc. Furthermore, the system can receive risk data of arisk data stream. The risk data can indicate risk levels associated withthe service provider, for example, disease infection levels in ageographic area that the service provider operations, number of infectedindividuals that have visited a physical store or used a car or hotelroom of the service provider, and/or any other risk related data.

Based on the health data streams and the risk data streams associatedwith the service provider, the system can determine whether to add orremove the service provider from a trusted service provider network. Thesystem can correlate the health and risk data streams. This correlationcan allow for a determination of risk levels of the service providerthat allows for more accurate and granular insights into the risk of theservice provider than would be identified from the health data stream orthe risk data stream individually. By managing the trusted serviceprovider network to include highly reliable service providers thatfollow protocols and pose a low risk to customer or business partners,other entities that wish to use a reliable service provider can consultthe trusted service provider network to find a safe and reliable serviceprovider. For example, a customer looking for a car rental service couldquery the trusted network of service providers to identify a safe carrental service.

Furthermore, the systems and methods described herein relate to apreferred consumer service application. The system can be configured toreceive a request from a user to be added to a preferred consumerservice to acquire benefits offered to members of the preferred consumerservice, e.g., price discounts, access to restricted shopping times at aphysical store, etc. The system can be configured to receive data of ahealth data stream associated with the user and risk data of a risk datastream associated with the user. Again, the correlation of health andrisk data can uncover greater insight into risk levels associated withthe user that would not be identified with the health or risk dataindividually.

The health data stream can indicate whether the user follows socialdistancing practices, disinfection and hand washing practices, maskwearing policies, etc. The risk data can be data of a risk data streamcan indicate whether the user has come into contact with infectedindividuals, lives or works in a high infection geographic area, hasrecently visited a country with a high infection level, and/or any otherrisk factor. Based on the health data stream and the risk data stream,the systems and methods can add or remove users from the preferredconsumer service.

Referring now to FIG. 1, a system 100 including a risk analytics system110 that receives health data streams and risk data streams foranalyzing disease related risk including a travel application 124, apreferred consumer service application 126, and a trusted serviceprovider application 128 is shown, according to an exemplary embodiment.The risk analytics system 110 includes a data ingestion service 130 andrisk application 118 that include the travel application 124, thepreferred consumer service application 126, and the trusted serviceprovider application 128.

The data ingestion service 130 can be configured to ingest health dataof health data streams and risk data of risk data streams. Furthermore,the data ingestion service can ingest threat events. The ingested datacan be provide to the risk application 118. The data ingestion servicecan include one or more memories 132 and one or more processors 134.

The processors 134 can be a general purpose or specific purposeprocessor, an application specific integrated circuit (ASIC), one ormore field programmable gate arrays (FPGAs), a group of processingcomponents, or other suitable processing components. The processors 134may be configured to execute computer code and/or instructions stored inthe memories 132 or received from other computer readable media (e.g.,CDROM, network storage, a remote server, etc.).

The memories 132 can include one or more devices (e.g., memory units,memory devices, storage devices, etc.) for storing data and/or computercode for completing and/or facilitating the various processes describedin the present disclosure. The memories 132 can include random accessmemory (RAM), read-only memory (ROM), hard drive storage, temporarystorage, non-volatile memory, flash memory, optical memory, or any othersuitable memory for storing software objects and/or computerinstructions. The memories 132 can include database components, objectcode components, script components, or any other type of informationstructure for supporting the various activities and informationstructures described in the present disclosure. The memories 132 can becommunicably connected to the processors 134 and can include computercode for executing (e.g., by the processors 134) one or more processesdescribed herein.

The data ingestion service 130 can receive the threat events, the healthdata streams, and the risk data streams via network 104. The network 104can communicatively couple the devices and systems of system 100. Insome embodiments, the network 104 is at least one of and/or acombination of a Wi-Fi network, a wired Ethernet network, a ZigBeenetwork, a Bluetooth network, and/or any other wireless network. Thenetwork 104 may be a local area network or a wide area network (e.g.,the Internet, a building WAN, etc.) and may use a variety ofcommunications protocols (e.g., BACnet, IP, LON, etc.). The network 104may include routers, modems, servers, cell towers, satellites, and/ornetwork switches. The network 104 may be a combination of wired andwireless networks.

The system 100 includes a contact tracing system 116, user devices 115,transportation systems 106, building meeting systems 108, health datasystems 111, physical store system 112, surveillance system 114, andthreat event data sources 102. The threat event data sources 102 can bedata sources that provide a notification of a threat occurring. Thethreat event data sources 102 could be dataminr, NC4, Twitter, socialmedia data, a news outlet, etc. The threat event data sources 102 canprovide indications of threat events to the data ingestion service 130,for example, an indication of a disease outbreak, an indication of aprotest occurring, an indication of a natural disaster, that a user hascaught a disease, that a sporting event is occurring, etc.

The contact tracing system 116 can be a system or group of systems thatmonitor and track infected individuals and monitor and track otherindividuals who come into contact with the infected individuals. Thecontact tracing system 116 can be a centralized system that aggregatesand stores data or a distributed system, e.g., multiple user devicesrunning a local application. The contact tracing system 116 can be auser opt-in system where users allow for their location to be trackedand provide an indication to the contact tracing system 116 regardingwhether they are experiencing disease symptoms, have been hospitalizeddue to a disease, and/or have tested positive for a disease.

In some embodiments, the contact tracing system 116 can be managed bythe risk analytics system 110 or external to the contact tracing system116. The contact tracing system 116 can be managed by another system,e.g., the contact tracing system 116 could be a Google contact tracingsystem or an Apple contact tracing system. The internal or externalcontact tracing could provide contact tracing data that the contacttracing system 116 is configured to use to generate risk scores forusers and/or locations, in some embodiments. The contact tracing can beperformed through peer to peer communication, e.g., ad-hoc communicationbetween two user devices that identify an interaction between two users.In some embodiments, the contact tracing can be performed with badgesthat communicate with building scanning systems. In some embodiments, athe contact tracing system uses vehicle tracking data, e.g., GPS data ofthe vehicle and/or driver detection and/or identification.

The user devices 115 can be personal device of a user. For example, theuser devices can be smart phones, laptops, tablets, etc. The userdevices 115 can be carried by a user and configured by the user toprovide location data indicating a location of a user device to the dataingestion service 130. The user devices 115 can include display devices,e.g., touch-screens, light emitting diode (LED) displays, organic lightemitting diode (OLED) display, a liquid crystal display (LCD), etc. Theuser devices 115 can further include interface devices, e.g., capacitiveor resistive touch inputs, keyboards, mouse, a remote, etc.

The transportation systems 106 can provide transportation data to therisk analytics system 110. The transportation systems 106 can be anairline system, a train system, a bus system, a taxi system, a carrental system, a ride share system, and/or any other type of system. Forexample, if the transportation system is an airline system, the airlinesystem can provide risk data, e.g., data that indicates an increasedrisk of infection, such as an indication of flight lengths, layovers,distances between terminals and/or gates, number of booked passengers,etc. to the risk analytics system 110.

The building meeting systems 108 can be a system that books meetingrooms within a building and/or buildings. The building meeting systems108 can provide the risk analytics system 110 with risk data regardingbuilding meeting rooms of a building, e.g., room size, room ventilationrates, room capacity, time since the room was last occupied, etc.Furthermore the building meeting systems 108 can provide health dataassociated with the meeting rooms, room cleaning or disinfectionfrequency, time since last disinfection, etc.

The health data systems 111 can be systems that aggregate diseaserelated infection levels for geographic areas (e.g., risk data streams)and provide the information to the risk analytics system 110. The healthdata systems 111 can be Center For Disease Control And Prevention (CDC)systems, data published by John Hopkins University systems, datapublished by the World Health Organization (WHO), and/or any otherhealth data system. The data published by the health data system 100 canbe real-time data that changes as disease infections are detected andreported by hospitals and/or disease testing facilities.

The physical store system 112 can be systems of a physical place ofbusiness, e.g., a retail store, a restaurant, a car rental facility,and/or any other type of physical brick and mortar store. The physicalstore system 112 can provide health related data, e.g., indications ofsocial distancing practiced at the store, signs and instructions forcustomers to follow within the building (e.g., standing six feet apart,wearing a mask, etc.), indications of cleaning and disinfectionpractices, etc.

The surveillance system 114 can be a system of one or more cameras,video storage and/or analysis systems, etc. The surveillance system 114can integrate with and/or communicate to the physical store system 112.The surveillance system 114 can be located at a building, e.g., aphysical store. The surveillance system 114 can identify, based oncaptured video data, whether employees and/or customers follow socialdistancing practices, cleaning and/or disinfection practices, wearmasks, etc.

The risk application 118 include the travel application 124, thepreferred consumer service application 126, and the trusted serviceprovider application 128. These application 124-128 can be executed byone or more processors 122 and stored on one or more memories 120. Theone or more processors 122 can be the same as or similar to the one ormore processors 134 while the one or more memories 120 can be the sameas or similar to the memories 132.

The travel application 124 can be a system for planning travel for auser, an employee of a company, a subscribed individual, etc. The travelapplication 124 can be configured to generate and/or analyze travelplans based on real time risk to facilitate proper travel planningand/or mid-travel plan deviation. The travel application 124 can receivean indication of one or more destinations and time data from the userdevices 115 and generate a travel itinerary (e.g., a data set includingone or more selected transportation methods, one or more selectedovernight stay reservations, one or more selected restaurants, etc.). Insome embodiments, if a user authorizes data sharing, the travelapplication 124 can provide the travel itinerary to the contact tracingsystem 116 for the contact tracing system 116 to operate one or contacttracing purposes.

The travel application 124 can analyze the health data streams and/orrisk data streams received from the network 104 to determine whether anydeviations should be taken to the travel itinerary while the user istraveling. In some embodiments, the health data streams and/or the riskdata streams are combined within a single data stream. For example,real-time risk related data or threat event data can indicate that adeviation in travel would lower a risk score of the user. For example,the travel application 124 could calculate a risk score associated withthe user flying a particular airline through a particular airport,dining at a restaurant, and sleeping at a hotel.

However, if there is a disease outbreak associated with the restaurantwhile the user is on their flight, the travel application 124 couldgenerate a suggested alternative restaurant for the user to dine in andcause a user interface of a user device to display the suggestion to beaccepted or rejected by the user via one or more accept or rejectinterface elements displayed on the user interface. Furthermore, thetravel application 124 could reschedule a meeting room from a first roomto a second room in response to a detection that the first room has notbeen sanitized, an infected individual has recently been present in thefirst room, etc.

In some embodiments, the travel application 124 can score multipleroutes of travel based on the mode of transportation and a destination.One or multiple routes and/or the score for each route can be providedto a user for review to select a route that is safest where it isunlikely that the user will catch an infectious disease. Each route canbe scored based on the travel mode itself in addition to restaurants,hotels, rest stops, etc. along the route. The route with the lowest riskscore or the highest safety score can be provided to the user. In someembodiments, the travel application 124 can recommend that the user skiphaving dinner at a certain hotel or in a certain city, stay in a hoteloutside of a city with a high infection rate, skip visiting a city, etc.The travel application 124 can generate a travel itinerary based onmultiple disparate factors, the travel mode itself (e.g., plane, train,bus, car), the hotels along the routes, the restaurants, along theroutes, the infection levels of the various cities along the routesand/or the destinations, etc.

The preferred consumer service application 126 can manage a service thatone or more users subscribe to, e.g., via the user devices 115. Theservice can be a subscription service that provides benefits tosubscribed users, e.g., price discounts on products or service, accessto restricted shopping hours in a physical store, exclusive product orservice previews, early product or service access, etc. The access tothe restricted shopping hours, or other access to an asset of a goods orservice provider, could be a credential, a password or an identifier ofthe user. The preferred consumer service application 126 can receivehealth data streams and/or risk data streams associated with a user todetermine whether the user should be added to the preferred consumerservice and/or granted the discounts of the preferred consumer service.

For example, the surveillance system 114 can indicate whether the userhas worn a mask when visiting a physical store, has practiced socialdistancing in the physical store, etc. and should be granted access toprice discounts. Furthermore, the contact tracing system 116 can providerisk data that indicates whether the user has been in contact withinfected individuals and should be provided access to the restrictedshopping hours.

In some embodiments, the preferred consumer service application 126 cangenerate utilize a travel history (e.g., a collection of travel data,contact tracing data, hotel receipts, restaurant receipts, user reporteddata, etc.) of a user to determine whether to classify the user as apreferred consumer. In some embodiments, the preferred consumer serviceapplication 126 is configured to determine an expected risk level of auser of a planned trip to an actual risk level resulting from actualtravel decisions made during the trip (e.g., what the user did duringthe trip, where the user traveled, where the user stayed, who the usercame into contact with, etc.). Based on the difference between theexpected risk level and the actual risk level, the preferred consumerservice application 126 can determine whether the user should be addedto, retained in, or removed from a preferred consumer list.

The trusted service provider application 128 can manage a network oftrusted service providers based on health data streams and/or risk datastreams associated with the trusted service providers. The application128 can analyze data associated with the service provider, e.g., whatdisinfection practices are performed by the service provider for theirstore, rental cars, hotel rooms, etc. Whether the service provider islocated in a high infection area or a low infection area (e.g., islocated in a geographic area associated with an infection level above orbelow particular amounts), etc. If the trusted service provider meetsone or more requirements as determined by the health data streams andthe risk data streams, the trusted service provider can be added by thetrusted service provider application 128 to a network of trusted serviceproviders list. Partnering systems and/or consumer systems can query thetrusted service provider application 128 for a trusted service providerand can be recommended a trusted service provider by the trusted serviceprovider application 128.

In some embodiments, the trusted service provider application 128 scoresa building or buildings of a service provider to determine whether toadd the service provide to the trusted service provider application 128.The application 128 can generate a safety score associated withcommunities, buildings, etc. For example, the application 128 can beconfigured to generate a score for a building based on buildingsanitation practices, HVAC air handling practices, fire systempractices, screening practices, etc.

In some embodiments, the applications 124-128 can communicate with eachother to exchange data. For example, the travel data of users stored bythe travel application 124 can be provided to the preferred consumerservice application 126 to monitor user movement if the user has givenapproval for their movement to be tracked. Furthermore, the travelapplication 124 can make travel determinations based on whethertransportation, hotels, car rental services, restaurants, etc. aretrusted and safe as can be indicated by the trusted service providerapplication 128.

Furthermore, the risk application 118 can exchange data with the systems106-116. This can form a community of companies, e.g., companies thatare trusted services as identified by the trusted service providerapplication 128. This can create a group of partner companies and/or aconsortium of companies. For example, travel data of the travelapplication 124 can be shared with the contact tracing system 116.

Referring now to FIG. 2, the travel application 124 of FIG. 1 shown ingreater detail, according to an exemplary embodiment. The travelapplication 124 can receive user input from a user device 210. The userdevice 210 can be one of, or similar to the user devices 115. The userdevice 210 can be a smartphone and can include a touchscreen for viewingdata and/or providing input. A user can define one or more traveldestinations, one or more travel dates and/or times, departure times,arrival times, food preferences, overnight stay accommodationpreferences, etc. This data can be provided as the user input to thetravel application 124.

An itinerary generator 202 of the travel application 124 can receivetransportation data from the transportation systems, 106, threat eventsfrom the threat event data sources 102, and location based health datafrom the health data systems 111. The itinerary generator 202 cangenerate a travel itinerary 206 based on the destinations provided bythe user and the data received from the systems 106-115. The itinerarygenerator 202 can analyze legs of a flight, legs of a travel plan, realtime contact tracing of other people in an area, risk factors associatedwith varying layovers, length of layovers, distance between flightgates, likelihood of needing to eat, social distancing practice scoresin airports, infection levels of various geographic locations, etc. toselect transportation options for the itinerary 208.

The itinerary generator 202 can calculate a risk score associated withmultiple possible transportation options and weight each score based onrisk factors such as a number of stops since each stop increases contactrisk, e.g., waiting in new lines with new people. Furthermore, forrideshare or car rental options, the length of the ride may beconsidered in risk that affects the risk score of the itineraries.Furthermore, an age of a user associated with the user device 210 and/orthe presence of preexisting conditions can be considered by theitinerary generator 202 in generating the itinerary 206. Some users,e.g., young users without any preexisting health conditions, may have ahigher risk tolerance than older users with preexisting healthconditions.

In some embodiments, wherein the risk data is contact tracing datareceived from the contact tracing system 116. The contact tracing dataindicates one or more past locations and one or more future plannedlocations of one or multiple different people infected by a disease. Theitinerary generator 202 can be configured to generate the travelitinerary 206 to include one or more transportation selections,transportation routes, and/or hotel accommodations that avoid the one ormore past locations and the one or more future locations of the personinfected by the disease. This reduces a risk level of the travelinguser. Furthermore, as new locations of infected individuals is receivedby the travel application 124, the real-time suggestion generator 200can generate updates to the itinerary 206 that avoid the locations ofthe infected individuals, e.g., avoid getting on a plane that aninfected individuals is on, avoid a hotel that a high number of infectedindividuals are staying at, etc.

Based on risk data associated with various dining options, the itinerarygenerator 202 can be configured to generate a risk value associated witheach of the dining options and select a dining option with a lowest riskvalue and/or with a risk value less than a predefined amount. In someembodiments, the itinerary generator 202 can select the dining optionbased on a risk toleration level of a user and one or more diningpreferences of the user. The risk data can indicate numbers ofinfections in a geographic area that the restaurant is located in,whether infected individuals have or will go to the restaurant, etc. Asthe risk data changes for the restaurants, the real-time suggestiongenerator 200 can generate real-time travel suggestions 204 thatrecommend different restaurants in response a risk level for a plannedrestaurant exceeds a particular level.

In some embodiments, the itinerary generator 202 can be configured togenerate a risk value for each of multiple overnight stay accommodationoptions. The itinerary generator 202 can cause the itinerary 206 toinclude selected overnight stay accommodations that reflect risk valuesless than a particular amount. For example, the itinerary generator 202can identify multiple price ranges for accommodation options in adesired geographic destination regions and rank the accommodationoptions in terms of risk. The risk data can indicate infection levels inthe area that each accommodation is located, whether infectedindividuals have, are, or will be staying the accommodation, etc.Furthermore, health data such as disinfection policies of eachaccommodation can be taken into account by the itinerary generator 202.Furthermore, as the risk data changes for the accommodations, thereal-time suggestion generator 200 can generate updates to theaccommodations, e.g., replacement accommodations.

In some embodiments, the itinerary generator 202 can generate a travelplan that avoids stopping in, or traveling through, one or more highinfection geographic areas. For example, based on the location basedhealth data received from the health data systems 111, the itinerarygenerator 202 can identify what flights, busses, or trains that stop,transfer, or move through geographic areas associated with high risk.The itinerary generator 202 can generate a travel plan includingtransportation selections that avoid the geographic areas with infectionlevels above a particular amount and instead route transportationthrough low risk geographic areas, geographic areas that have a lowerlevel of infection risk than the high risk geographic areas.

The real-time suggestion generator 200 can be configured to generate thereal-time travel suggestions 204 during travel of the user associatedwith the user device 210. The real-time suggestion generator 200 canreceive real-time risk data streams, e.g., from the systems 106-116 thatindicates changes or developments in risk. The real-time travelsuggestions 204 can indicate one or more changes to transportation,restaurants, hotels, etc. that mitigate or reduce risk levels for theitinerary 206 of the user associated with the user device 210.

For example, based on contact tracing data received from the contacttracing system 116, the real-time suggestion generator 200 can determinethat the user will have an overlapping contact in an airport, on aplane, within a hotel within an infected person. To avoid making contactwith the infected person or persons, the real-time suggestion generator200 can recommend alternative transportation, restaurants, or overnightaccommodations that avoid contact with individuals or reduce a number ofinfected individuals that the user associated with the user device 210may come into contact with. The real-time suggestion generator 200 canbe configured to predictive a level of separation from infected personsduring travel to determine a risk score and, based on the risk score,generate the real-time travel suggestions 204.

In some embodiments, the real-time travel suggestions 204 are based onlocation data received from the user device 210 and the location basedhealth data received from the health data systems 111. For example, if auser stops at a restaurant in a geographic area associated with highinfection rates (e.g., there is a hospital blocks from the restaurantswith a high number of hospitalized infected persons) which can bedetermined by the real-time suggestion generator 200 from the locationdata of the user device 210 and the location based health data of thehealth data systems 111, the real-time suggestion generator 200 cangenerate a suggestion to avoid the restaurant. In some embodiments, thereal-time travel suggestions 204 are suggestions to adjust certain legsof travel, change a travel time (e.g., shift by a day or week), orutilize risk mitigation (e.g., use of a mast, sanitization, socialdistancing, etc.)

In some embodiments, the travel application 124 can receive a plannedactivity from the user device 210 and score the activity with a riskscore. For example, the user may ask a question, “How risky is it todine downtown in Chicago tonight?” and the travel application 124 canrespond to the question by calculating a risk score for Chicago diningbased on infection levels in the city, based on contact traces in anarea, whether the user plans to dine indoors or outdoors, sanitizingscores for restaurants, ratings for social distancing practices, levelsof law enforcement, predicted weather (e.g., whether indoor or outdoorseating will be available). The risk score for the activity can providean indication of how risky planned behaviors are.

Referring now to FIG. 3, a flow diagram of a process 300 of generatingand dynamically updating a travel itinerary based on disease relatedrisk that can be performed by the travel application 124 is shown,according to an exemplary embodiment. In some embodiments, the travelapplication 124 is configured to perform some or all of the steps of theprocess 300. In some embodiments, any computing device as describedherein can be configured to perform the process 300.

In step 302, the travel application 124 can receive travel dataassociated with a travel plan of a user, the travel plan indicating oneor more travel locations. The travel plan can indicate one or moredestinations that the user will be visiting and approximate or definitetimes and/or days that the user needs to arrive in each destination. Thetravel plan can indicate preferred transportation options (e.g., rentalcar, airplane, bus, etc.), food preferences (e.g., vegan or vegetariandining, preference for certain types of food, etc.), and/or any othertravel preference of the user.

In step 304, the travel application 124 can receive risk data associatedwith one or more transportation methods to the one or more travellocations. For example, the travel application 124 can determine that adirect bus route from a first city to another city is less risky than aflight with multiple connections from the first city to the second city.The travel application 124 could select a first flight over a secondflight in response to determining that infected individuals are bookedfor the second flight. Furthermore, the travel application 124 canselect hotels and/or restaurants based on risk data associate with thehotels and restaurants.

In step 306, the travel application 124 generates the travel itineraryfor the user. The travel itinerary can include one or more selectedtravel methods (e.g., a flight, a rental car, a bus, etc.), one or morerestaurants, one or more over night stay accommodations, etc. In someembodiments, the user can review and edit the itinerary. Any changes theuser makes to the itinerary can be associated with risk scores that thetravel application 124 can provide to the user so that the userunderstands increases or decreases in risk associated with the actions.The user can accept the travel itinerary and the travel application 124can book the travel methods, restaurants, and hotels for the user.

In some embodiments, the travel application 124 generates an infectiontravel risk score. The infection travel risk score can be displayed to auser via the user device 210 to provide a user with an indication oftheir travel risk. The infection travel risk score can be a value,level, or other indicator that indicates a risk associated with catchinga disease. The infection travel risk score can be generated based onrisk data indicating levels of risk associated with travel destinationsof the user. The risk data can indicate infection levels associated withthe travel destinations, population levels of the destinations, diseaseprevention practices performed at the destinations (e.g., lockdowns, useof masks, etc.), etc. Based on the risk destination risk data, thetravel application 124 can generate the travel risk score.

Furthermore, in addition to, or instead of generating the travel riskscore based on the destination risk data, the travel application 124 cangenerate the travel risk score based on personal risk data associatedwith the user. The personal risk data can indicate a risk associatedwith the user of the user device 210. The personal risk data canindicate the age of the user, the body mass index (BMI) of the user,medical conditions of the user (e.g., asthma, heart related problems),and/or activities performed by the user (e.g., whether the userfrequently exercises, smokes, adheres to a vegan or vegetarian diet,consumes alcohol, etc.). In this regard, the travel risk score may behigher for a user that has asthma and is older than a particular age. Incomparison, an infection travel risk scores of a user that exercisesfrequently and is younger than the particular age may have a lower riskscore.

In some embodiments, the infection travel risk score changes overtime asdata is collected. The travel application 124 can generate suggestionsto update the travel plan of the user based on change in the infectionrisk score. For example, if the infection travel risk score increases toa value greater than a particular amount caused by change in thedestination risk data or the personal risk data, the travel application124 can generate a suggested update to the travel plan.

In some embodiments, the travel application 124 can generate multipledifferent travel routes from a travel plan of a user indicating anoriginating location and one or more travel destinations. The travelapplication 124 can score each route with an infection route risk scoreindicating the level of risk that a user experiences when traveling onthe route. The infection route risk score can indicate infection risklevels associated with each travel route and/or personal risk dataassociated with the user. The travel application 124 can generate asuggestion to travel on one route of the routes associated with a lowestinfection route risk score, can generate a user interface indicatingeach travel route and the score of each route, and/or can generate alist of the routes sorted in order of lowest risk score to highest riskscore.

In step 308, the travel application 124 can receive risk updatesassociated with the travel itinerary during travel by the user. Theupdates may be threat events such as the rapid spread of a disease in ageographic area, an indication that an infected user has booked a hotelroom in a hotel that the user is staying in, and/or any other update torisk levels associated with the itinerary of the user.

In step 310, the travel application 124 can generate one or more travelsuggestions for the user that mitigate or reduce the risk updates. Forexample, if the user plans to stop at a restaurant in a geographic areathat has greatly increased in infection levels, the suggestion could beto dine in a geographic area with a lower infection level. Similarly, ifa flight is cancelled and a user will need to dwell in an airport for anextended period of time, the suggestion may be to take a direct bus tothe destination instead of waiting in the airport. In step 312, thetravel application 124 can update the travel itinerary based on the oneor more suggestions in response to receiving user approval of thechanges.

In some embodiments, at the end of the trip performed by the user, thetravel application 124 can generate a summary page. The summary page canindicate an original risk score for the tip of the user generated by thetravel application 124 and a concluding risk score based on deviationsthat the user has performed. For example, the concluding risk score canindicate what a user has done while traveling, where they have stayed,where they have eaten, and/or what other people the user has come intocontact with.

Referring now to FIG. 4, the trusted service provider application 128 isshown in greater detail, according to an exemplary embodiment. Thetrusted service provider application 128 can communicate with serviceprovider systems 400 and 402. The service provider systems 400 and 402can be retail businesses, car rental businesses, airlines, airports, buscompanies, restaurants, catering companies, and/or any other type ofservice provider. The trusted service provider application 128 canreceive service provider data from the service provider systems 400.

The service provider data can be data of a health data stream associatedwith the service provider systems 400 and/or risk data streams. Forexample, the service provider data could indicate whether one or moresocial distancing practices, disinfection practices, and/or any otherhealth related practices are performed by the service provider systems400 to reduce the risk of spreading disease. The risk related data canbe an indication of infection levels for geographic areas that stores ofthe service provider are located, numbers of infected individualsfrequenting the stores, and/or any other risk related data.

The performance analyzer 404 can be configured to analyze the serviceprovider data, e.g., correlate the health data streams and the risk datastreams, to determine whether the service provider systems 400 aretrusted or are not trusted. Trusted service provider systems can beadded or maintained in a trusted provider list 406 while serviceproviders that are not trusted can be removed from the trusted providerlist 406. Furthermore, in some embodiments, the performance analyzer 404can analyze the health data indicating health practices by each of theservice provider systems 400. Inspection data received form an inspectorsystem 410 can confirm that the health practices that the serviceprovider systems 400 claims to practice are actually practiced.

For example, a hotel might score each room that people have stayedwithin based on contact tracing data, temperature measurements, and/or asurvey. Each room could be rated based on risk and only low risk roomsrented out to individuals. In some embodiments, a heat map view could beprovided by the hotel to users to determine whether or not to book roomsin the hotel and/or what rooms that user would like to book. Based onthese health practices, the performance analyzer 404 can determine thatthe hotel is a trusted service and can add the hotel to the trustedprovider list 406.

The trusted service providers of the trusted provider list 406 can beconfigured to share disease related information with each other,facilitate contact tracing, etc. Furthermore, since the serviceproviders of the trusted provider list may all perform health relatedtests for employees, sanitization of their physical stores, etc., otherservice providers may likely wish to do business with the serviceproviders since they have been verified as being low health riskbusinesses. For example, a car service that rents cars can rate each carwith a health risk score. If a service provider of the trusted providerlist 406 wishes to rent cars from the service provider, as part of thetrusted provider list 406, the car service may rent the service providerlow risk score cars.

The service provider systems 402 and/or the user device 210 may accessthe trusted provider list 406 if the service provider systems 402 and/orthe user of the user device 210 are subscribed to the trusted providerlist 406. The service provide selector 408 can receive a query from theservice provider systems 402 and/or the user device 210 for arecommended service provider. For example, the query could requestrecommended hotels or recommended airlines. The service providerselector 408 can query the trusted provider list 406 and return therecommended service provider to the service provider systems 402 and/orthe user device 210. The service provider systems 402 may consult thetrusted provider list 406 to help identify business partners while theuser device 210 may consult the list to identify a service provider topurchase a product or service from.

In some embodiments, service providers of the trusted provider list 406share risk data with each other. The risk data could be the health datastreams or the risk data streams described with reference to FIG. 1 andelsewhere herein. The risk data can indicate the precautions or risksassociated with assets of the service providers, e.g., what types ofcleaning or health policies are performed at a physical store, whetherinfected individuals have visited physical sites, rented cars, stayed inhotel rooms, etc. In some cases, one service provider of the trustedprovider list 406 can provide a request for risk data for anotherservice provider of the trusted provider list 406 to the application128. The application 128 can determine whether the one service providerhas access to the risk data of the other service provider and responseto the one service provider with the risk data in response todetermining that the one service provider has access to the otherservice provider. In some embodiments, the trusted provider list 406indicates one or more services providers that each service provider doesand does not have risk data access for.

In some embodiments, the risk data that the services providers shareindicate risk levels associated with assets of each service provider.For example, the risk level associated with a hotel room, a physicalbrick and mortar store, a conference room, a rental car, etc. In thisregard, one service provider would have the data to make decisions suchas reserve the safest hotel rooms, the safest conference rooms, visitthe safest physical brick and mortar stores, etc.

Referring now to FIG. 5, a process 500 of managing a trusted network ofservice providers based on disease related risk that can be performed bythe trusted service provider application 128 is shown, according to anexemplary embodiment. In some embodiments, the trusted service providerapplication 128 is configured to perform some or all of the steps of theprocess 500. In some embodiments, any computing device as describedherein can be configured to perform the process 500.

In step 502, the trusted service provider application 128 receives arequest from a service provider system to be added to a trusted networkof service providers. The service provider may be an airline, a hotelchain, a hotel location, an airport, a retail store, a retail chain,etc.

In step 504, the trusted service provider application 128 can receivehealth safety performance data associated with the service provider. Thehealth safety performance data can include health data of a health datastream and risk data of a risk data stream. The health data can indicateperformance of the service provider with respect to practicing socialdistancing, disinfection practices performed by the service provider,employee health testing, etc. The risk data can indicate whether theservice provider is located in a high infection area, whether theservice provider has been frequented by infected individuals, etc.

The health data and the risk data can be included within, or otherwiseindicated by, a manifest. The manifest can be the manifest describedwith reference to FIGS. 13-14 and can be stored by the service provider.The trusted service provider application 128 is configured to validatethe manifest received from the service provider, in some embodiments,based on another copy of the manifest stored in a blockchain and createdby an external system. The trusted service provider application 128 canverify a hashed copy of the manifest stored in the blockchain, verifysignatures of the service provider and/or the external system, etc. asdescribed with reference to FIGS. 13-14.

In step 506, the trusted service provider application 128 can analyzethe safety performance data to determine whether the service providermeets a level of health safety. The trusted service provider application128 can correlate the health data of the health data stream with therisk data of the risk data stream to determine whether the serviceprovider meets the level of safety. In step 508, in response to adetermination that the service provider meets the safety level, thetrusted service provider application 128 can add the service provider tothe trusted network of service providers.

In step 510, the trusted service provider application 128 can receive arequest from a device for a recommended service provider of the trustednetwork of service providers. For example, the device may be a userdevice of a user that wishes to purchase a product or service from atrusted service provider. In some embodiments, the device is a device ofanother service provider that would like to partner with a trustedservice provider of the trusted service provider network. In step 512,in response to receiving the request, the trusted service providerapplication 128 can provide an indication of the service provider of thetrusted network of service providers to the device.

Referring now to FIG. 6, the preferred consumer service application 126is shown in greater detail, according to an exemplary embodiment. Thepreferred consumer service application 126 can be an opt-in applicationthat a user subscribes to. The preferred consumer service application126 can offer users dynamic pricing and/or access to the serviceproviders of the trusted provider list 406. In some embodiments, thepreferred consumer service application 126 is subscribed to by a userfor a family. The preferred consumer service application 126 can providea family member, or all family members, with risk data for each familymember, real-time tracking, and/or risk levels for each family member.

The user device 210 can provide a request to be added to the consumerservice and approval to access private data associated with the user ofthe user device 210 to the preferred consumer service application 126. Asafety behavior analyzer 604 can receive consumer behavior data from aphysical store system 112. The consumer behavior data can further bereceived from any of the systems 106-116. In some embodiments, theconsumer behavior data is consumer data of a surveillance system 114that indicates actions performed by a user within a physical store,e.g., wearing a mask, practicing social distancing, disinfecting, etc.Furthermore, the safety behavior analyzer 604 can receive health dataassociated with the user from a private health data system 602. Thehealth data indicates whether the user has tested positive or negativefor a disease, a recent body temperature measurement, etc.

The safety behavior analyzer 604 can analyze the consumer behavior, thehealth data, and/or various streams of risk data to determine a safetyrating for the user. The risk data may indicate what geographic areasthe user has visited and what infection levels are associated with thosegeographic areas, whether the user has come into contact with infectedindividuals, etc. The risk score can be provided to the consumer listupdater 608. The consumer list updater 608 can add the user to theconsumer list 610 and/or remove the consumer from the consumer list 610based on the safety rating. If the safety rating is above a particularamount, the user can be added to the consumer list 610. If the safetyrating is less than the particular amount, the user can be withheld fromor removed from the consumer list 610.

Users of the consumer list 610 who may practice social distancing withina store, the user can be award a price discount for a product orservice. The consumer discount generator 606 can generate a pricediscount for the user and provide the discount to the user device 210.Furthermore, if the user has been added to the consumer list 610, theuser may have access to restricted store hours. The restricted storehour provider 612 can provide restricted store hours of the trustedprovider list 614 to the user device 210. In some embodiments, therestricted store hour provider 612 can provide an identify or acredential of the user that has access to the restricted store hours tothe physical store system 112 for automatic access to the physical storeduring restricted store hours.

Referring now to FIG. 7, a process 700 of managing a trusted consumerservice based on disease related risk that can be performed by thepreferred consumer service application 126, according to an exemplaryembodiment. In some embodiments, the trusted service providerapplication 128 is configured to perform some or all of the steps of theprocess 700. In some embodiments, any computing device as describedherein can be configured to perform the process 700.

In step 702, the preferred consumer service application 126 receives arequest to be added to a consumer service and approval to access privatedate from a user device of a user. The user, in some embodiments, mayprovide payment information to subscribe themselves, and/or their familymembers to the consumer service.

In step 704, the preferred consumer service application 126 can receiveconsumer health behavior data from a physical store system. The consumerhealth behavior data may be data of a health data stream that indicatesthe precautions that the user is taking within the physical store, e.g.,social distancing, opting in to contact tracing, using disinfection,wearing a mask, etc. The health behavior data can be a written surveythat a user fills out to indicate what precautions the user has or istaking to avoid contracting or spreading a disease. Furthermore, thehealth behavior data could be video surveillance data indicating thatthe user has or is taking precautions to avoid contracting or spreadinga disease in a physical store of a service provider.

In step 706, based on the consumer health behavior data, the preferredconsumer service application 126 can determine whether the behavior ofthe user meets one or more health safety rules. Furthermore, thepreferred consumer service application 126 can receive risk dataassociated with the user. The risk data may indicate whether the userhas recently been located in high infection geographic areas, has optedinto a trusted traveler program that tracks activity of a user, has comeinto contact with infected individuals, etc. The preferred consumerservice application 126 can correlate the risk data stream with thehealth data stream to determine whether the user poses a health risk tothe physical building.

In some embodiments, the consumer health behavior data is travel historydata of a user. For example, the travel history may indicate one ormultiple geographic locations that the user has been present at, one ormultiple restaurants that the user has eaten at, and/or one or morehotels that the user has stayed at, etc. The analysis to determinewhether the user should be added to a trusted consumer list and/ordetermine whether the user meets the one or more health safety rules canbe performed based on the travel history data. The analysis can includedetermining a risk level for a user and comparing the risk level to athreshold by the travel application 124.

In some embodiments, the travel history data can be stored in a manifestof the user device and can be validated based on a copy of the manifeststored in the blockchain. In this regard, the preferred consumer serviceapplication 126 can be configured to receive the manifest from the userdevice and validate the manifest based on a hashed copy of the manifeststored in the blockchain. The consumer service application 126 canverify a signature of the manifest of the user device and/or an externalsystem that records the activity of the user. The verification of themanifest is described in greater detail with reference to FIGS. 13-14.

In step 708, in response to determining that the behavior of the usermeets the one or more health safety rules, the preferred consumerservice application 126 can provide a discount to the user device forthe user. The discount can incentive the user to continue practicingsocial distancing techniques while in the physical store, wearing amask, etc. Furthermore, in step 710, the preferred consumer serviceapplication 126 can provide the user via the user device with access tothe physical store at one or more restricted hours. The restricted hoursmay be hours only available to users that have a risk score less than aparticular amount.

Referring now to FIG. 8, a process 800 of generating an infection travelrisk score for a user by the travel application 124 is shown, accordingto an exemplary embodiment. In some embodiments, the travel application124 is configured to perform some or all of the steps of the process800. In some embodiments, any computing device as described herein canbe configured to perform the process 800.

In step 802, the travel application 124 receives travel data for atravel plan of a user indicating one or more travel destinations. Thetravel data can indicate a departure location, a departure time, adestination, and/or a destination time. The travel data can furtherinclude travel preferences, e.g., flight times (e.g., morning flightsvs. red eye flights), preferred modes of travel (e.g., preference forusing a bus), and/or any other indication of travel. The travel data canindicate a single travel destination or a sequence of traveldestinations that a user plans on visiting, e.g., a set of cities thatthe user is traveling to for a vacation and/or a business trip.

In step 804, the travel application 124 receives destination risk dataindicating a destination risk of one or more travel destinationsassociated with a transmission of an infectious disease. For example,the destination risk data can indicate a level of risk that a user mayexperience in a particular geographic area. For example, when thedestination is a particular city, the city may have particularpercentage of infected individuals that are infected with the infectiousdisease. The higher number of infected individuals, and/or a higher therate of increase in the number of infected individuals, can indicaterisk data for the destination.

In some embodiments, the destination is a particular hotel, a particularbusiness campus, etc. The destination risk data can indicate the numberof infected individuals at the destination. In some embodiments, thedestination risk data can indicate a time since which an infectedindividual was last at the destination.

In step 806, the travel application 124 receives personal risk dataindicating a risk of the user associated with the infectious disease.For example, the personal risk data can indicate characteristics of auser that is traveling. For example, the health of the user, the age ofthe user, and/or other information of the user. For example, thepersonal risk data could indicate health conditions of the user, e.g.,whether the user has asthma, whether the user has a heart problem,whether the user has had a stroke, etc. The personal risk data canfurther indicate whether the user exercises frequently, has had amedical checkup recently, etc. The personal risk data can indicatewhether the user is immune to a disease. For example, the personal riskdata could indicate the results of an antibody test indicating that theuser has previously caught and recovered from a disease. This canindicate that the user is immune to catching the disease.

In step 808, the travel application 124 can generate an infection travelrisk score for the user based on the destination risk data received inthe step 804 and/or the personal risk data received in the step 806. Thetravel application 124 can weigh the personal risk data against thedestination risk data. For example, the travel application 124 cangenerate a higher infection travel risk score for the user when the useris susceptible to an infectious disease. For example, for a user that isat a particular age susceptible to a disease, the infection travel riskscore can be set to a high value in response to the user traveling to,or being present, at a destination or location where an infectedindividual has recently been present.

Referring now to FIG. 9, a system 900 of the risk analytics system 110performing risk scoring for an external system 906 is shown, accordingto an exemplary embodiment. The system 900 includes a privateinformation database 902, a user device 904, an external system 906, andthe risk analytics system 110. The private information database 902 canbe a database of disease risk related data, e.g., the health datastreams, the risk data streams, antibody data of a user, infectiontravel risk scores (e.g., as determined by the travel application 124)and/or the threat events described with reference to FIG. 1. The privateinformation database 902 can be any type of database, e.g., a private orpublic blockchain database (e.g., as described with reference to FIGS.13-14), a Structured Query Language (SQL) database, a RelationalDatabase Management System (RDMS) database, a relational database, anon-SQL (NoSQL) database, a non-relational database, etc.

The external system 906 can be a system external to the risk analyticssystem 110. For example, the external system 906 can be managed by athird party entity separate from the risk analytics system 110. Theexternal system 906 can be a government customs system 908. The userdevice 904 may send an access request to the government customs system908. In response to the access request, the government customs system908 can request an infectious disease risk level for the user of theuser device 904 and receive a risk scoring result from the riskanalytics system 110. The government customs system 908, which may be adomestic or international system, can use the score to determine whetherto grant the user entry into a country or location within a country. Thescore can be a credential, a trusted passport, and/or e-passportindicating that the user does not pose a threat to the country and/orthe location within the country.

For example, if one country is blocking entry of travelers from anothercountry, the first country could use the risk scoring to make exceptionsfor travelers from the second country if the travelers are scored at alow risk score, a risk score less than a particular amount indicatingthat the user poses a low risk of brining an infectious disease into thecountry. Various governments, government agencies (e.g., military,customs, etc.) can use the risk scoring provided by the risk analyticssystem 110.

In some embodiments, the external system 906 includes an overnightaccommodations system 910, a physical store system 912, a hospitalsystem 914, and/or a meeting scheduling system 916. The systems 910-916could communicate with the risk analytics system 110 to determine riskscores that can be used to determine whether a user should have accessto an overnight accommodation, access to shopping at a physical store,entry into a hospital, determine whether an employee can work onpremises instead of remotely and/or can attend a meeting in person orshould alternatively attend the meeting online. For example, if a userhas recently traveled to a risky location, a location with a highinfection count, the user may be asked to attend a meeting remotely orquarantine before returning to work in an office by the meetingscheduling system 916 communicating with the user device 904.

Instead of exposing the private information of the user of the userdevice 904 stored in the private information database 902, the riskanalytics system 110 can act as a clearing house that validatesthreshold risk scores without exposing private information. The riskscoring result can be a numerical value of risk for a user and/or a passfail binary value. In some embodiments, the request for infectiousdisease risk level review by the external system 906 includes a set ofcriterion of the external system 906. The risk analytics system 110 canbe configured to query the private information of the user from theprivate information database 902 and determine whether the user meetsthe criterion. The risk analytics system 110 can return the score and/ora binary result of the analysis.

The risk analytics system 110 can be configured to score the privatedata of the user to determine a risk score of the user. The riskanalytics system 110 can be configured to compare the risk score to athreshold to determine whether the risk score of the user is greater orless than the threshold. If the risk score is greater than thethreshold, the risk may be too great. The risk score may be aprobability of the user having the infectious disease. The score can bebased on historical activities of the user, whether the user has comeinto contact with infected individuals, whether the user has been testedfor the infectious disease, whether the user has been present in highinfection areas, etc.

Referring now to FIG. 10, a process 1000 of performing risk scoring bythe risk analytics system of FIG. 1 for the external system of FIG. 9 isshown, according to an exemplary embodiment. The process 1000 can beperformed by the components of FIG. 9, e.g., the user device 904, theexternal system 906, and/or the risk analytics system 110. However, theprocess 1000 can be performed by any computer system or device describedherein.

In step 1002, the external system 906 receives an access request from auser device 904. The access request can be triggered by a userrequesting some sort of access, e.g., entry into a country, entry into abuilding, approval to work on-premises, inclusion in a physical meeting,etc. In step 1004, the external system 906 requests an infectiousdisease risk level of the user of the user device 904 to be reviewed bythe risk analytics system 110. The request can further indicate thereview or approval criteria that should be applied by the risk analyticssystem 110.

In step 1006, the risk analytics system 110 can receive personal riskdata indicating a risk of the user associated with the infectiousdisease from the private information database 902. In step 1008, therisk analytics system 110 can generate a risk score based on thepersonal risk data received in the step 1006. The risk analytics system110 can determine what level of risk the user poses based on where theuser has recently been located (e.g., in high infection geographic areasor low infection geographic areas), has come into contact with aninfected individual, etc. The risk analytic system 110 can provide ascore and/or a result of a comparison of the score to a threshold to theexternal system 906. In some embodiments, the risk scoring can includegenerating an infection travel risk score by the travel application 124.

Referring now to FIG. 11, a system 1100 of the risk analytics system 110sharing infectious disease data with another user device 1102 or theexternal system 906 based on a command received from the user device1102 is shown, according to an exemplary embodiment. The data sharing ofFIG. 11 illustrates a user device sharing infectious disease data toanother user device or another external system. However, the datasharing can be performed between two employees (e.g., peer to peer), anemployer and a partner system, a user and an airline, a user and ahospitality entity, etc.

In some embodiments, the system 110 can facilitate a sharing feature forthe user device 904 via a message (e.g., a text message, an email,etc.). The user deice 904 shares a risk score or disease data with otherusers, e.g., the user device 1102. Furthermore, the risk analyticssystem 110 can facilitate data sharing with outside systems, e.g., theexternal system 906. For example, if the user associated with the userdevice 904 is visiting a campus, the user may share their infectiousdisease risk data with the external system of the campus.

As another example, a healthcare facility could receive infectiousdisease data from the risk analytics system 110 to help identify what iswrong with a patient. For example, if a user has been present in aparticular country where an infectious disease is present, theinfectious disease data received from the risk analytics system 110could be used by a doctor or nurse to identify what is wrong with thepatient. In some embodiments, the system 1100 facilitates bi-directionaldata sharing between a testing lab, a hospital, and/or a user.

In some embodiments, the infectious disease data shared by the riskanalytics system 110 is a credential of a user of the user device 904.The credential can be a credential that gives an anonymized risk scorefor the user of the user device 904 that the user can share with othersystems or devices. In some embodiments, the risk analytics system 110issues an enhanced credential that includes a description of personaldata of the user. In some embodiments, the external system 906 firstreceives a normal credential to determine whether the user meets athreshold. After the system determines that the user meets thethreshold, the risk analytics system 110 can expose more information ofthe user to the system in the form of the enhanced credential. Thenormal and enhanced credentials can be opted into or opted out of by auser of the user device 904.

In some embodiments, the risk analytics system 110 may issue an antibodycredential for a user. If the user has previously caught an infectiousdisease but has built up the antibodies to be immune to the infectiousdisease, the risk analytics system 110 may issue an antibody credentialto the user that can be shared with other systems. The antibodycredential can be generated in response to receiving antibody data froma medical testing system that may process an antibody test result of auser.

The risk analytics system 110 can be configured to collect infectiousdisease data from the private information database 902. The infectiousdisease data can be associated with a user of the user device 904, e.g.,indicate a travel history of the user, indicate a risk level of theuser, indicate what other individuals the user has come into contactwith, include the health data streams, the risk data streams, etc. Therisk analytics system 110 can share the infectious disease data with theuser device 904 in response to receiving a request. In some embodiments,the risk analytics system 110 generates a link to the infectious diseasedata and provides the user device 904 with the link so that the userdevice 904 can share the link with other devices, e.g., the user device1102.

In some embodiments, the risk analytics system 110 performs scoringbased on the infectious disease data to generate a risk level or riskcredential for the user of the user device 904. The risk scoring can bethe same or similar to the risk scoring described with reference toFIGS. 9-10.

Referring now to FIG. 12, a flow diagram of a process 1200 of sharinginfectious disease data with another user device or the external system906 based on a command received from the user device 904 is shown,according to an exemplary embodiment. The process 1200 can be performedby the components of FIG. 11, e.g., the user device 904, the externalsystem 906, the user device 1102, and/or the risk analytics system 110.However, the process 1200 can be performed by any computer system ordevice described herein.

In step 1202, the risk analytics system 110 receives a command to shareinfectious disease data from the user device 904. The command canindicate that a user of the user device 904 has given approval to shareprivate data of the user with other users and/or systems. In someembodiments, the command indicates particular users and/or systems thatthe user would like to share the infectious disease data with.

In response to the approval received in the step 1202, the riskanalytics system 110 can collect infectious disease data in step 1204.In some embodiments, the risk analytics system 110 collects risk data ofthe user, e.g., travel data, what hotels the user has stayed at, whetherthe user has tested positive or negative for an infectious disease, etc.The risk data can further indicate scores, e.g., a risk score calculatedby the risk analytics system 110 indicating how likely the user is toinfect others with an infectious disease. In some embodiments,collecting the infectious disease data includes collecting an infectiontravel risk score determined by the travel application 124 from theprivate information database 902.

In step 1206, the risk analytics system 110 can provide at least one ofthe infectious disease data or a link to the infectious disease to theuser device 904. The infectious disease data can be the data collectedand/or determined in the step 1204 by the risk analytics system 110. Insome embodiments, the risk analytics system 110 generates a webpage oranother data storage element that stores the infectious disease data.The risk analytics system 110 can provide a link to the webpage or otherdata storage element to the user device 904. In some embodiments, anyuser and/or particular user accounts can access the link. In step 1208,the user of the user device 904 can share the infectious disease dataand/or a link to the infectious disease data with the user device 1102and/or the external system 906. In some embodiments, in step 1210, therisk analytics system 110 sends the infectious disease data directly tothe external system 906 and/or the user device 1102.

Referring now to FIG. 13, a system 1300 configured to add a manifestindicating user activity of the user of the user device to a blockchain1302 is shown, according to an exemplary embodiment. The system 1300includes a number of nodes 1312-1322 communicating via the network 104.The nodes 1312-1322 can be various computer systems, devices, servers,etc. In some embodiments, the nodes 1312-1322 are the services andsystems described in FIG. 1 and elsewhere herein.

The nodes 1312-1322 are shown to include the blockchain 1302. Theblockchain 1302 can be a chain of data blocks where each data block islinked to a previous block, thus, forming a chain. The chain may be achain of sequentially ordered blocks. In some embodiments, theblockchain 1302 is a private blockchain that is accessible to onlyparticular systems with proper access credentials. In some embodiments,the blockchain 1302 is a public blockchain that is accessible by anysystem.

The blockchain database 1302 can include any number of blocks and newblocks can be added to the blockchain database 1302 by the nodes1312-1322 and/or by any other system in communication with the nodes1312-1322. Three blocks of the blockchain database 1302 are shown inFIG. 13, block 1304, block 1306, and block 1308. Each block is shown toinclude a nonce, data, a hash, and a hash of the previous block in thechain. The blockchain 1302 is illustrated right to left, that is, therightmost block is the oldest block shown in FIG. 13 while the leftmostblock is the newest block shown in FIG. 13. The data of each block canbe private infectious disease data of a user, travel data of the user,health data of the user, data of the health data streams, data of therisk data streams, etc.

The blocks 1304-1308 are shown to include a nonce value. The nonce valuecan be a value that when hashed with the data of the block and theprevious hash, in addition to other information, results in a hash thatmeets a difficulty requirement. In FIG. 13, the hashes are shown ashexadecimal numbers. In FIG. 13, the difficulty requirement is that thefirst three values of each hash are zero but any difficulty requirementfor the hashes can be utilized in the system 1300. Any of the nodes1312-1322 can attempt to generate a block with a hash value that meetsthe difficulty requirement. In some embodiments, some and/or all ofnodes 1312-1322 operate to generate a hash value for a new block to beadded to the blockchain 1302. If one of the nodes 1312-1322 generates ahash that meets the difficulty requirement, that node can add the blockto the blockchain 1302 and notify the other nodes of the solved block sothat the other nodes can also add the solved block to the blockchain1302 that each of the other nodes stores.

The blockchain 1302 can be configured to store user scores, infectiousdisease data, and/or private data of a user. The blockchain 1302 can beutilized to validate risk scores and/or infectious disease data of auser. In some embodiments, the blockchain 1302 is a distributed ledgerfor a network of systems, e.g., for restaurants, retail businesses,commercial businesses, car rental services, taxi services, rideshareservices, etc. for communicating infectious disease data in a trustednetwork of systems. In some embodiments, the blockchain 1302 can be usedto distribute a history of user events or activities, risk flags,infectious disease risk scores for users, and/or a token or data thatprovides that a user have been avoiding risky places and risky activity.In some embodiments, businesses and/or other entities may provide a userwith different levels of access to locations and/or geographic areasbased on a score of a user.

The blockchain 1302 can help make private data anonymous but widelyaccessible and available to other systems if a user wishes for the datato be shared. The blockchain 1302 can be used to prove that private dataof a user stored in the blockchain 1302 is not being tampered with. Theblockchain 1302 can be a private blockchain, a public blockchain, and/ora combination of a private and a public blockchain. A public blockchaincan be an open source blockchain while a private blockchain may have oneor multiple defined entities controlling the public blockchain.

In some embodiments, the system 1300 can be configured to capture andstore events in the blockchain 1302. The events can be stored as thedata within the blocks of the blockchain, e.g., each block can store oneor a set of events. In response to an event occurring, the system 1300can add a new block including data for the event.

In some embodiments, the external system 906, via a blockchain service1302 run by the external system 906, generates a manifest for an event.The manifest may be a data file describing an activity that a userassociated with the user device 904 has performed and/or engaged in. Forexample, the manifest may describe a stay at a hotel, a visit to arestaurant, a ride in a car of a rideshare service, a flight taken bythe user, a bus ridden by the user, etc. The manifest may include adescription of the activity, an identification of the user performingthe activity (e.g., an anonymous user identifier tied back to the user),a date of the activity, a beginning time of the activity, an ending timeof the activity, and/or any other data.

The manifest can be generated by the external system 906 for the user ofthe user device 904 and provided by the external system 906 to the userdevice 904. The external system 906 can be a system for a hotel and cangenerate the manifest for an overnight stay of the user of the userdevice 904. In some embodiments, the external system 906 can be a systemof a restaurant and can generate the manifest for a dining visit of theuser of the user device 904. The user device 904 can sign the manifestwith a private key of the user device 904. The private key may be linkedto a public identifier, a public key, associated with the user device904. The user device 904 can return the signed manifest to the externalsystem 906.

In some embodiments, a blockchain service 1324 of the user device 904signs the manifest received from the external system 906 and returns themanifest to the external system 906. Furthermore, the blockchain service1324 can maintain a log of manifests for all events of the user. Whenthe user of the user device 904 needs to verify a past event, e.g., aparticular manifest, with another system, the external system 1328, theblockchain service 1324 can provide the manifest (or a portion of themanifest log or the entire manifest log) to the external system 1328 forverification. The verification performed by the external system 1328 canbe performed by the blockchain service 1326.

In response to receiving a signed manifest from the user device 904, theexternal system 906 can sign the manifest received from the user device904. In some embodiments, the external system 906 can sign the manifestbefore providing the manifest to the user device 904 for signature bythe user device 904. The signature by the external system 906 can verifythat the external system 906 is the source of the manifest. The externalsystem 906 can sign the manifest with a private key. Furthermore, theexternal system 906 can hash the signed manifest. The external system906 can be configured to perform any type of hashing algorithm, e.g.,MD5, SHA-2, CRC32, etc. The external system 906 can be configured to addthe hashed manifest to the blockchain 1302.

In some embodiments, the user device 904 can validate a manifest withanother external system. For example, the user of the user device 904may stay in a hotel associated with the external system 906. The usermay then wish to eat a restaurant associated with the external system1328. However, the external system 1328 may first verify what hotel theuser associated with the user device 904 has stayed in before the userassociated with the user device 904 is allowed to eat at the restaurant.The user device 904 can provide the manifest to the external system1328.

The external system 1328 can verify the manifest received from the userdevice 904 with the blockchain 1302. The external system 1328 can hashthe manifest received from the user device 904 to determine that thehashed manifest received from the user device 904 matches the hashedmanifest stored in the blockchain 1302. Furthermore, the external system1328 can verify the signature of the manifest stored in the blockchain1302 and/or the manifest received from the user device 904 with a publickey of the user device 904. The external system 1328 can verify asignature of the external system 906 of the manifest stored in theblockchain 1302 and/or the manifest received from the user device 904with a public key of the external system 906.

The external system 1328, via the signed and hashed manifest of theblockchain 1302, can verify that the manifest of the blockchain 1302identifies the user of the user device 904. The signature of themanifest provided by the user device 904 included within the blockchain1302 can verify that the user associated with the user device 904. Thesignature does not expose the identity of the user of the user device904 but can be used by the external system 1328 to identify the user andverify that an event claimed to be associated with the user is actuallyassociated with the user.

In some embodiments, the private log of manifests stored by the userdevice 904 can be used to validate activities with employers (e.g., todetermine whether the user provides a risk of spreading an infectiousdisease and whether the user should return to work), health agencies(e.g., to determine whether the user provides a risk of spreading aninfectious disease and/or whether the user should be allowed to enter acountry or geographic district), and/or any other entity or system.Furthermore, because the information stored within the blockchain 1302does not expose private information of the user of the user device 904but only includes signed and hashed data, the user of the user device904 can choose what systems and/or entities that the user provides theirmanifest log to. In this regard, the history of events associated withthe user of the user device 904 are kept private but can be verifiedthrough the blockchain 1302 in response to the user providing theirmanifest log for verification.

In some embodiments, the manifest based blockchain event tracking of thesystem 1300 can be utilized to track a group of users. For example, acompany may employ the system of 1300 to track employees, a state mayuse the system 1300 to track the activities of its citizens, a hospitalmay use the system 1300 to track the activities of its patients, etc.The events can indicate the locations of a user, the restaurant visitsof a user, the transit use of the user, etc. Based on the events storedwithin the blockchain 1302, the risk analytics system 110 (e.g., thetravel application 124 performing the process 800 described withreference to FIG. 8) can generate an infectious disease risk scoreindicating how likely a user is to spread an infectious disease. Theblockchain 1302 can store travel locations of a user at multiple placesthroughout a day, week, month, and/or year. The travel application 124can generate the risk score based on the risk levels associated withvarious geographic locations, retail stores visited by the user, hotelsstayed in, restaurants that the user has eaten in, etc.

Referring now to FIG. 14, a process 1400 where a manifest is added tothe blockchain 1302 and used to verify user activity of the user of theuser device 904 is shown, according to an exemplary embodiment. Thesystems, devices, and databases shown performing the process 1400 can bethe systems, devices, and databases described with reference to FIG. 13.Furthermore, FIG. 14 includes an employer system 1402 which may be asystem associated with an employer of the user of the user device 904.The external system 1328, the employer system 1402, the user device 904,the external system 906, and/or the blockchain 1302 can perform someand/or all of the steps of the process 1400.

The process 1400 can utilize the blockchain 1302 to document thetraveler behavior of individuals. Due to the private nature of travel,some individuals may not want to be tracked publically but would ratherprefer to be tracked indirectly and/or privately. If a user opts in forindirect tracking, the travel behavior of the user can be identifiedwith information stored in the blockchain 1302 in combination withinformation carried in the user device 904 to provide a verifiable trackand trace of the individual. The blockchain 1302 can provide a signedartifact, e.g., the manifest, the can be used to verify the activity ofthe user of the user device 904.

In step 1404, the external system 906 can register an identifier andcredential pair with the blockchain 1302 and/or a service that managesthe blockchain 1302. The identifier may be a number, text, and/or analphanumeric value that uniquely identifies the external system 906.Furthermore, the external system 906 can further register a credentialpair including a public key and a private key with the blockchain 1302.In some embodiments, the identifier of the external system 906 is thepublic key. The public key and the private key can be used to sign dataand/or documents and verify the signature of the external system 906,e.g., the external system 906 can sign the data with the private keywhile another entity (e.g., the external system 1328) can verify thesignature of the data with the public key.

In step 1406, the user device 904 can register an identifier and acredential pair with the blockchain 1302 and/or a service that managesthe blockchain 1302. The identifier may be a number, text, and/or analphanumeric value that uniquely identifies the user device 904.Furthermore, the user device 904 can further register a credential pairincluding a public key and a private key with the blockchain 1302. Insome embodiments, the identifier of user device 904 is the public key.The public key and the private key can be used to sign data and/ordocuments and verify the signature of the user device 904, e.g., theuser device 904 can sign the data with the private key while anotherentity (e.g., the external system 1328) can verify the signature of thedata with the public key.

In step 1408, the external system generates a manifest and provides themanifest to the user device 904. The user of the user device 904 mayperform an event, e.g., a travel activity associated with travel of theuser. For example, the user of the user device 904 may stay at a hotelassociated with the external system 906. The manifest may be a receiptof the stay of the user of the user device 904. The receipt, themanifest, can include metadata describing the stay of the user, e.g.,the name of the hotel, the room number of the room that the user stayedin, the check-in date, the check-out date, etc. In some embodiments, themanifest is signed by the external system 906 with a private key of theexternal system 906 before the manifest is provided to the user device904.

In step 1410, the user device 904 signs the manifest with the privatekey of the user device 904. In some embodiments, the user reviews themanifest via a display screen of the user device 904 to verify that theinformation of the manifest is accurate and provides the user device 904with an authorization to sign the manifest via an input device of theuser device 904. In step 1412, the user device 904 provides the signedmanifest to the external system 906.

In step 1414, the external system 906 hashes the manifest (e.g., with orwithout the signatures of the external system 906 and the user device904) and stores the hashed manifest in the blockchain 1302. The manifestcan be stored with a date and time. The data and time may be provided bya trusted time keeping system.

Steps 1416 and 1418 are optional and are shown in dashed lines. In step1416, the signed manifest can be provided to the employer system 1402.If the user is opted into a private verification/tracking system, e.g.,with the employer system 1402, the manifest could be uploaded to theemployer system 1402 for record keeping and storage. The employer canverify the authenticity of the manifest if desired by looking for thedate and/or time, an optional transaction identifier, and/or any othermetadata, and verify, via the blockchain 1302, that the hash was in factstored in the blockchain for that manifest

In step 1418, the employer system 1402 can analyze a behavior history ofthe user. The employer system 1402 can utilize the uploaded manifest todetermine if the user has traveled to a hotspot during a respective timeperiod (e.g., during the last two weeks if the incubation period for thevirus is two weeks). The employer system 1402 can also use the manifestto auto-populate the expenses reporting system for the user. In someembodiments, the external system 906 can provide the manifest directlyto the employer system 1402. For example, the external system 906 and anemployer may have a contract relationship and the external system 906could upload the manifest to employer systems automatically and notrequire the user to do so.

In steps 1404-1414, no user identifiable information is shared about theuser of the user device 904 in the blockchain 1302. While the identifierof the user device 904 and/or the identifier of the external system 906may be stored in the manifest, the exact name of the user of the userdeice 904 and/or the name of the external system 906 may not be storedin the manifest. The only information that is stored in the blockchain1302 is the record that the external system 906 added to the blockchain,the hash of the manifest and the date and time the manifest was signed,and other relevant and non-identifying metadata.

If the external system 1328 (e.g., a trusted third party such as acompany) wanted to verify the location of an individual for a period oftime, the external system 1328 could send a request for a manifestrecord of a particular time and/or manifest records of a particular timeperiod. The user of the user device 904 could respond to the request bythe external system 1328 and send the external system 1328 the manifest(or manifest records for a requested time period) via the user device904 (or the external system 906 could send the external system 1328 themanifest) (steps 1420 and/or 1422). The user device 904 could identifyone or multiple manifests that are associated with a time within thetime period specified by the external system 1328 and respond to theexternal system 1328 with the identified manifest or manifests.

In step 1424, the external system 1328 can verify the manifest receivedfrom the user device 904. The external system 1328 can use public keysof the user device 904 and/or the external system 906 to verify theauthenticity of the manifest stored in the blockchain 1302 and/or themanifest received from the user device 904. For example, the externalsystem 1328 can verify signatures of the user device 904 and/or theexternal system 906 with public keys of the user device 904 and/or theexternal system 906 respectively.

Furthermore, the external system 1328 can compare the received manifestto the manifest of the blockchain 1302 to verify that the receivedmanifest matches the copy of the manifest stored in the blockchain 1302.In some embodiments, because the copy of the manifest stored in theblockchain 1302 is hashed, the external system 1328 may first hash themanifest received from the user 904 and compare the received hashedmanifest to the hashed manifest stored in the blockchain 1302 to verifythat the two hashed manifests match. The hashing algorithms used by theexternal system 1328 and/or the external system 906 may be the same.

In step 1426, the external system 1328 can analyze the behavior of theuser indicated by the manifest. The blockchain 1302 and manifest recordscould also be used to provide an attestation that the user has not beenexposed to a hotspot area without divulging their travel data. Forexample, a hotel may require attestation that a user has not been in ahotspot area before the user is permitted to stay at a hotel. A thirdparty attestation service could be used that would allow the user toupload their manifests during the requested time period (data onlyuploaded to the third party service not the company wanting theverification). The third party attestation service would verify theauthenticity of the manifests and based on the location and/or date thetraveler was at each location. This information could be comparedagainst a database that contains information on the risk of geographicareas at the time periods when the user visited those areas (e.g.,number of infected individuals that were at those locations, etc.) and ascore could then be generated and securely sent to a requestor. Thiswould allow the requestor to understand the risk profile of the travelerbut in a way in which they have no information or details about wherethat individual has traveled but instead of an attestation from a thirdparty service

Configuration of Exemplary Embodiments

The construction and arrangement of the systems and methods as shown inthe various exemplary embodiments are illustrative only. Although only afew embodiments have been described in detail in this disclosure, manymodifications are possible (e.g., variations in sizes, dimensions,structures, shapes and proportions of the various elements, values ofparameters, mounting arrangements, use of materials, colors,orientations, etc.). For example, the position of elements may bereversed or otherwise varied and the nature or number of discreteelements or positions may be altered or varied. Accordingly, all suchmodifications are intended to be included within the scope of thepresent disclosure. The order or sequence of any process or method stepsmay be varied or re-sequenced according to alternative embodiments.Other substitutions, modifications, changes, and omissions may be madein the design, operating conditions and arrangement of the exemplaryembodiments without departing from the scope of the present disclosure.

The present disclosure contemplates methods, systems and programproducts on any machine-readable media for accomplishing variousoperations. The embodiments of the present disclosure may be implementedusing existing computer processors, or by a special purpose computerprocessor for an appropriate system, incorporated for this or anotherpurpose, or by a hardwired system. Embodiments within the scope of thepresent disclosure include program products comprising machine-readablemedia for carrying or having machine-executable instructions or datastructures stored thereon. Such machine-readable media can be anyavailable media that can be accessed by a general purpose or specialpurpose computer or other machine with a processor. By way of example,such machine-readable media can comprise RAM, ROM, EPROM, EEPROM, CD-ROMor other optical disk storage, magnetic disk storage or other magneticstorage devices, or any other medium which can be used to carry or storedesired program code in the form of machine-executable instructions ordata structures and which can be accessed by a general purpose orspecial purpose computer or other machine with a processor. Wheninformation is transferred or provided over a network or anothercommunications connection (either hardwired, wireless, or a combinationof hardwired or wireless) to a machine, the machine properly views theconnection as a machine-readable medium. Thus, any such connection isproperly termed a machine-readable medium. Combinations of the above arealso included within the scope of machine-readable media.Machine-executable instructions include, for example, instructions anddata which cause a general purpose computer, special purpose computer,or special purpose processing machines to perform a certain function orgroup of functions.

Although the figures show a specific order of method steps, the order ofthe steps may differ from what is depicted. Also two or more steps maybe performed concurrently or with partial concurrence. Such variationwill depend on the software and hardware systems chosen and on designerchoice. All such variations are within the scope of the disclosure.Likewise, software implementations could be accomplished with standardprogramming techniques with rule based logic and other logic toaccomplish the various connection steps, processing steps, comparisonsteps and decision steps.

In various implementations, the steps and operations described hereinmay be performed on one processor or in a combination of two or moreprocessors. For example, in some implementations, the various operationscould be performed in a central server or set of central serversconfigured to receive data from one or more devices (e.g., edgecomputing devices/controllers) and perform the operations. In someimplementations, the operations may be performed by one or more localcontrollers or computing devices (e.g., edge devices), such ascontrollers dedicated to and/or located within a particular building orportion of a building. In some implementations, the operations may beperformed by a combination of one or more central or offsite computingdevices/servers and one or more local controllers/computing devices. Allsuch implementations are contemplated within the scope of the presentdisclosure. Further, unless otherwise indicated, when the presentdisclosure refers to one or more computer-readable storage media and/orone or more controllers, such computer-readable storage media and/or oneor more controllers may be implemented as one or more central servers,one or more local controllers or computing devices (e.g., edge devices),any combination thereof, or any other combination of storage mediaand/or controllers regardless of the location of such devices.

1. A system comprising one or more memory devices having instructionsstored thereon, that, when executed by one or more processors, cause theone or more processors to: receive a request from a user device to add auser to a user service associated with a provider of goods or services;receive health behavior data of a health behavior data stream associatedwith behavior of the user relating to a spread of an infectious diseaseat a physical location; retrieve a copy of the health behavior data froma blockchain and validate the health behavior data received from thehealth behavior data stream based on the copy of the health behaviordata retrieved form the blockchain; determine whether the user meets oneor more health safety levels based on the health behavior data streamresponsive to validating the health behavior data; add the user as amember to the user service in response to a determination that the usermeets the one or more health safety levels, the user service including aplurality of members that meet the one or more health safety levels; andgenerate an access indication for the user to access the physicallocation at one or more particular times assigned to the plurality ofmembers of the user service to access the physical location in responseto the determination that the user meets the one or more health safetylevels.
 2. The system of claim 1, wherein the instructions cause the oneor more processors to provide the access indication to the user deviceof the user, wherein the access indication is at least one of acredential, an access password, or an identifier.
 3. The system of claim1, wherein the instructions cause the one or more processors to: add theuser to a shopper list of shoppers in response to the determination thatthe user meets one or more health safety rules; receive second healthbehavior data associated with a second user of the shopper list ofshoppers; determine, based on an analysis of the second heath behaviordata, that the second user has broken the one or more health safetyrules; and remove the second user from the shopper list of shoppers inresponse to a second determination that the second user has broken theone or more health safety rules.
 4. The system of claim 1, wherein theinstructions cause the one or more processors to: receive a serviceprovider request for a particular service provider of a list of serviceproviders from the user device; verify that the user of the user devicehas access to the list of service providers; and provide an indicationof the particular service provider to the user device.
 5. The system ofclaim 1, wherein the instructions cause the one or more processors toreceive risk data of a risk data stream indicating risk levelsassociated with the user; wherein the instructions cause the one or moreprocessors to determine whether the user meets one or more health safetylevels by correlating the health behavior data of the health behaviordata stream with the risk data of the risk data stream.
 6. The system ofclaim 5, wherein the risk data indicates at least one of diseaseinfection levels of one or more geographic areas that the user has beenpresent within during a particular period of time or contact of the userwith one or more infected persons.
 7. The system of claim 1, wherein theaccess indication is associated with access to the physical location atone or more restricted hours restricted for members of the user service.8. The system of claim 7, wherein the instructions cause the one or moreprocessors to provide an identity of the user to a physical locationsystem of the physical location, wherein the physical location system isconfigured to receive the identity of the user via one or more sensingdevices of the physical location and operate one or more doors toprovide the user access to the physical location based on the identityof the user.
 9. The system of claim 1, wherein the health behavior datais received from a surveillance system and is video data of the user atthe physical location; wherein the instructions cause the one or moreprocessors to determine whether the health behavior data meets one ormore health safety levels by analyzing the video data to determinewhether the user follows one or more health safety rules within thephysical location.
 10. The system of claim 9, wherein the one or morehealth safety rules include one or more social distancing guidelines,use of a mask, or use of sanitization within the physical location. 11.The system of claim 1, wherein the instructions cause the one or moreprocessors to: receive a manifest from the user device of the userrepresenting a travel activity performed by the user; receive a secondmanifest from the blockchain, wherein the second manifest is a copy ofthe manifest, wherein the second manifest is stored in the blockchain byan external system to create a record of the travel activity performedby the user; validate the manifest received from the user device withthe second manifest of the blockchain; and determine whether the usermeets one or more health safety levels based on the health behavior datastream and the travel activity.
 12. The system of claim 11, wherein thesecond manifest includes a first signature of the user device and asecond signature of the external system; wherein the instructions causethe one or more processors to: determine that the first signature isauthentic with a first public key of the user device; and determine thatthe second signature is authentic with a second public key of theexternal system.
 13. The system of claim 11, wherein the second manifestis hashed by the external system; wherein the instructions cause the oneor more processors to validate the manifest received from the userdevice by determining that the manifest matches the second manifest byhashing the manifest received from the user device and comparing a hashof the manifest received from the user device to the second manifesthashed by the external system.
 14. A method comprising: receiving, by aprocessing circuit, a request from a user device of a user to add theuser to a user service associated with a provider of goods or services;receiving, by the processing circuit, health behavior data of a healthbehavior data stream associated with behavior of the user relating to aspread of an infectious disease at a physical location; retrieving, bythe processing circuit, a copy of the health behavior data from ablockchain and validate the health behavior data received from thehealth behavior data stream based on the copy of the health behaviordata retrieved form the blockchain; determining, by the processingcircuit, whether the user meets one or more health safety levels basedon the health behavior data responsive to validating the health behaviordata; adding, by the processing circuit, the user as a member to theuser service in response to a determination that the user meets the oneor more health safety levels, the user service including a plurality ofmembers that meet the one or more health safety levels; and generating,by the processing circuit, an access indication for the user to accessthe physical location at one or more particular times assigned to theplurality of members of the user service to access the physical locationin response to the determination that the user meets the one or morehealth safety levels.
 15. The method of claim 14, further comprising:adding, by the processing circuit, the user to a shopper list ofshoppers in response to the determination that the user meets one ormore health safety rules; receiving, by the processing circuit, secondhealth behavior data associated with a second user of the shopper listof shoppers; determining, by the processing circuit, based on ananalysis of the second heath behavior data, that the second user hasbroken the one or more health safety rules; and removing, by theprocessing circuit, the second user from the shopper list of shoppers inresponse to a second determination that the second user has broken theone or more health safety rules.
 16. The method of claim 14, wherein themethod further comprises: receiving, by the processing circuit, aservice provider request for a particular service provider of a list ofservice providers from the user device; verifying, by the processingcircuit, that the user of the user device has access to the list ofservice providers; and providing, by the processing circuit, anindication of the particular service provider to the user device. 17.The method of claim 14, wherein the access indication is associated withaccess to the physical location at one or more restricted hoursrestricted for members of the user service.
 18. The method of claim 14,receiving, by the processing circuit, risk data of a risk data streamindicating risk levels associated with the user; wherein determining, bythe processing circuit, whether the user meets one or more health safetylevels comprises correlating the health behavior data of the healthbehavior data stream with the risk data of the risk data stream.
 19. Themethod of claim 18, wherein the risk data indicates at least one ofdisease infection levels of one or more geographic areas that the userhas been present within during a particular period of time or contact ofthe user with one or more infected persons.
 20. The method of claim 14,wherein the health behavior data is received from a surveillance systemand is video data of the user at the physical location; wherein themethod further comprises determining, by the processing circuit, whetherthe health behavior data meets the one or more health safety levels byanalyzing the video data to determine whether the user follows one ormore health safety rules within the physical location.
 21. The method ofclaim 20, wherein the one or more health safety rules include one ormore social distancing guidelines, use of a mask, or use of sanitizationwithin the physical location.
 22. A system comprising: one or morememory devices having instructions stored thereon; and one or moreprocessors configured to execute the instructions to: receive a requestfrom a user device of a user to add the user to a user serviceassociated with a provider of goods or services; receive a travelhistory of the user indicating a plurality of destinations that the userhas traveled to; retrieve a copy of the travel history from a blockchainand validate the travel history based on the copy of the travel historyretrieved form the blockchain; determine whether the user meets one ormore health safety levels by analyzing the travel history of the userresponsive to validating the travel history; add the user as a member tothe user service in response to a determination that the user meets theone or more health safety levels, the user service including a pluralityof members that meet the one or more health safety levels; and generatean access indication for the user to access a physical location at oneor more particular times assigned to the plurality of members of theuser service to access the physical location in response to thedetermination that the user meets the one or more health safety levels.23. The system of claim 22, wherein the instructions cause the one ormore processors to: add the user to a shopper list of shoppers inresponse to the determination that the user meets one or more healthsafety rules; receive second health behavior data associated with asecond user of the shopper list of shoppers; determine, based on ananalysis of the second heath behavior data, that the second user hasbroken the one or more health safety rules; and remove the second userfrom the shopper list of shoppers in response to a second determinationthat the second user has broken the one or more health safety rules. 24.The system of claim 22, wherein the travel history indicates whether theuser has previously contracted and recovered from an infectious disease.25. The system of claim 22, wherein the instructions cause the one ormore processors to: receive a manifest from the user device of the userrepresenting a travel activity performed by the user; receive a secondmanifest from the blockchain, wherein the second manifest is a copy ofthe manifest, wherein the second manifest is stored in the blockchain byan external system to create a record of the travel activity performedby the user; and validate the manifest received from the user devicewith the second manifest of the blockchain.
 26. The system of claim 25,wherein the second manifest includes a first signature of the userdevice and a second signature of the external system; wherein theinstructions cause the one or more processors to: determine that thefirst signature is authentic with a first public key of the user device;and determine that the second signature is authentic with a secondpublic key of the external system.
 27. The system of claim 25, whereinthe second manifest is hashed by the external system; wherein theinstructions cause the one or more processors to validate the manifestreceived from the user device by determining that the manifest matchesthe second manifest by hashing the manifest received from the userdevice and comparing a hash of the manifest received from the userdevice to the second manifest hashed by the external system.